CVE-2026-48926
published 2026-05-27CVE-2026-48926: Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | active_directory | — | — |
| jenkins | active_directory_plugin | — | — |
| jenkins | appspider | — | — |
| jenkins | appspider_plugin | — | — |
| jenkins | bitbucket_oauth | — | — |
| jenkins | bitbucket_oauth_plugin | — | — |
| jenkins | credentials_binding | — | — |
| jenkins | credentials_binding_plugin | — | — |
| jenkins | email_extension | — | — |
| jenkins | email_extension_plugin | — | — |
| jenkins | github_integration | — | — |
| jenkins | github_integration_plugin | — | — |
| jenkins | groovy_libraries | — | — |
| jenkins | groovy_libraries_plugin | — | — |
| jenkins | job_import | <= 122.v35289550f1e6 | — |
| jenkins | job_import | — | — |
| jenkins | job_import | — | — |
| jenkins | job_import_plugin | — | — |
| jenkins | ldap | — | — |
| jenkins | ldap_plugin | — | — |
| jenkins | ldap_referrals_in_active_directory | — | — |
| jenkins | ldap_referrals_in_active_directory_plugin | — | — |
| jenkins | multijob | — | — |
| jenkins | multijob_plugin | — | — |
| jenkins_project | jenkins_job_import_plugin | <= 143.v044a_2e819b_27 | — |