Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CSRF inherently requires victim interaction so UI:R is correct; PR:L retained as attacker must separately obtain credentials IDs; no availability impact applies.
Primary rating from Vendor (jenkins).
CVSS VectorVendor: jenkins
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
A cross-site request forgery (CSRF) vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins.
AnalysisAI
Cross-site request forgery in Jenkins EC2 Fleet Plugin versions through 4.2.3.539.v8fedff2a_81c3 enables a network attacker to force Jenkins to connect to an attacker-controlled endpoint using AWS credentials stored in Jenkins, effectively exfiltrating those credentials. All Jenkins instances with this plugin installed and AWS credentials configured are at risk. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must independently obtain a valid Jenkins credentials ID before crafting the attack - this is not discoverable through the CSRF vector itself and requires a separate reconnaissance step (e.g., prior low-level access, credential ID enumeration, or insider knowledge). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The provided CVSS 5.4 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N) warrants scrutiny: the UI:N metric is anomalous for a CSRF vulnerability, which by definition requires a victim user to trigger the forged request - typical CSRF mappings use UI:R. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has enumerated a valid Jenkins credentials ID - for example, through a prior low-privilege access or insider knowledge - crafts a malicious webpage containing a hidden form or JavaScript that submits a request to the victim's Jenkins instance referencing the EC2 Fleet Plugin endpoint. When an authenticated Jenkins user with access to the plugin visits this page, the forged request is silently submitted under the victim's session, causing Jenkins to initiate a connection to an attacker-controlled server using the specified AWS credentials. … |
| Remediation | Upgrade the Jenkins EC2 Fleet Plugin to a version released after 4.2.3.539.v8fedff2a_81c3 per the Jenkins security advisory at https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3774; the exact fixed version number is not independently confirmed from available data beyond that the advisory addresses this issue. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Jenkins Ec2 Fleet Plugin
View allSame weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38776
GHSA-2x9c-vp3g-hvv2