4.3
CVE-2026-57283
- EPSS 0.16%
- Veröffentlicht 24.06.2026 13:20:05
- Zuletzt bearbeitet 26.06.2026 20:20:12
- Quelle jenkinsci-cert@googlegroups.co
- CVE-Watchlists
- Unerledigt
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration other than Pipeline steps through the Pipeline Snippet Generator.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jenkins ≫ Pipeline: Groovy SwPlatformjenkins Version <= 4331.v9d06ed4658ff
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.053 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3677