Skip to main content

Jenkins Pipeline

2 CVEs product

Monthly

CVE-2026-57284 MEDIUM This Month

Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps.

Jenkins Information Disclosure Jenkins Pipeline
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-57283 MEDIUM This Month

Cross-site request forgery in the Jenkins Pipeline: Groovy Plugin (versions up to and including 4331.v9d06ed4658ff) enables authenticated low-privilege users to instantiate arbitrary Java types related to job or system configuration by exploiting the unprotected Pipeline Snippet Generator endpoint. The attacker can reach types outside the normally permitted set of Pipeline steps, potentially influencing configuration objects that should be off-limits at their privilege level. No public exploit code has been identified at time of analysis, and CISA SSVC rates exploitation as none with non-automatable delivery.

CSRF Jenkins Jenkins Pipeline Red Hat
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
EPSS 0% CVSS 4.3
MEDIUM This Month

Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps.

Jenkins Information Disclosure Jenkins Pipeline
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site request forgery in the Jenkins Pipeline: Groovy Plugin (versions up to and including 4331.v9d06ed4658ff) enables authenticated low-privilege users to instantiate arbitrary Java types related to job or system configuration by exploiting the unprotected Pipeline Snippet Generator endpoint. The attacker can reach types outside the normally permitted set of Pipeline steps, potentially influencing configuration objects that should be off-limits at their privilege level. No public exploit code has been identified at time of analysis, and CISA SSVC rates exploitation as none with non-automatable delivery.

CSRF Jenkins Jenkins Pipeline +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy