Skip to main content

Jenkins EC2 Fleet Plugin CVE-2026-57295

| EUVDEUVD-2026-38776 MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2026-06-24 jenkins GHSA-2x9c-vp3g-hvv2
5.4
CVSS 3.1 · Vendor: jenkins
Share

Severity by source

Vendor (jenkins) PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
vuln.today AI
4.6 MEDIUM

CSRF inherently requires victim interaction so UI:R is correct; PR:L retained as attacker must separately obtain credentials IDs; no availability impact applies.

3.1 AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (jenkins).

CVSS VectorVendor: jenkins

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
Analysis Generated
Jun 24, 2026 - 16:24 vuln.today
CVSS changed
Jun 24, 2026 - 16:22 NVD
5.4 (None) 5.4 (MEDIUM)
CVE Published
Jun 24, 2026 - 13:20 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

A cross-site request forgery (CSRF) vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins.

AnalysisAI

Cross-site request forgery in Jenkins EC2 Fleet Plugin versions through 4.2.3.539.v8fedff2a_81c3 enables a network attacker to force Jenkins to connect to an attacker-controlled endpoint using AWS credentials stored in Jenkins, effectively exfiltrating those credentials. All Jenkins instances with this plugin installed and AWS credentials configured are at risk. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Enumerate valid Jenkins credentials IDs via reconnaissance
Delivery
Craft CSRF payload referencing attacker-controlled URL
Exploit
Socially engineer authenticated Jenkins user to trigger forged request
Execution
Jenkins connects to attacker URL using AWS credentials
Impact
Attacker captures AWS credentials from inbound connection

Vulnerability AssessmentAI

Exploitation The attacker must independently obtain a valid Jenkins credentials ID before crafting the attack - this is not discoverable through the CSRF vector itself and requires a separate reconnaissance step (e.g., prior low-level access, credential ID enumeration, or insider knowledge). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 5.4 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N) warrants scrutiny: the UI:N metric is anomalous for a CSRF vulnerability, which by definition requires a victim user to trigger the forged request - typical CSRF mappings use UI:R. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has enumerated a valid Jenkins credentials ID - for example, through a prior low-privilege access or insider knowledge - crafts a malicious webpage containing a hidden form or JavaScript that submits a request to the victim's Jenkins instance referencing the EC2 Fleet Plugin endpoint. When an authenticated Jenkins user with access to the plugin visits this page, the forged request is silently submitted under the victim's session, causing Jenkins to initiate a connection to an attacker-controlled server using the specified AWS credentials. …
Remediation Upgrade the Jenkins EC2 Fleet Plugin to a version released after 4.2.3.539.v8fedff2a_81c3 per the Jenkins security advisory at https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3774; the exact fixed version number is not independently confirmed from available data beyond that the advisory addresses this issue. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-57295 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy