7.5
CVE-2026-48922
- EPSS 0.36%
- Veröffentlicht 27.05.2026 15:16:31
- Zuletzt bearbeitet 28.05.2026 17:01:49
- Quelle jenkinsci-cert@googlegroups.co
- CVE-Watchlists
- Unerledigt
Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution if Jenkins is configured to allow a low-privileged user to configure file or zip file credentials used for a job running on the built-in node.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jenkins ≫ Credentials Binding SwPlatformjenkins Version < 725.ve52b_2328a_fde
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.281 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3790