CVE-2026-42519
published 2026-04-29CVE-2026-42519: A missing permission check in Jenkins Script Security Plugin 1399.ve6a_66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
A missing permission check in Jenkins Script Security Plugin 1399.ve6a_66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | credentials_binding | — | — |
| jenkins | credentials_binding_plugin | — | — |
| jenkins | github | — | — |
| jenkins | github_branch_source | — | — |
| jenkins | github_branch_source_plugin | — | — |
| jenkins | github_plugin | — | — |
| jenkins | html_publisher | — | — |
| jenkins | html_publisher_plugin | — | — |
| jenkins | jenkins | — | — |
| jenkins | matrix_authorization_strategy | — | — |
| jenkins | matrix_authorization_strategy_plugin | — | — |
| jenkins | script_security | <= 1399.ve6a_66547f6e1 | — |
| jenkins | script_security | — | — |
| jenkins | script_security_plugin | — | — |
| jenkins_project | jenkins_script_security_plugin | <= 1399.ve6a_66547f6e1 | — |
| ocp-tools-4 | jenkins-agent-base-rhel8 | — | — |
| ocp-tools-4 | jenkins-agent-base-rhel9 | — | — |
| ocp-tools-4 | jenkins-rhel8 | — | — |
| ocp-tools-4 | jenkins-rhel9 | — | — |