CVE Catalog

CVE-2026-53439

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

8th percentile — higher than 8% of all known CVEs

Summary

Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to enumerate view names of other users' 'My Views'.

Risk Assessment

Attackers can gain access to sensitive information about user configurations, potentially leading to further attacks or privacy breaches.

Recommendation

It is recommended to upgrade to the latest version of Jenkins to eliminate the missing permission checks and minimize the risk associated with information disclosure.

Original NVD description (English source)

Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to enumerate view names of other users' "My Views".

Vulnerability data from NVD (NIST) · CISA KEV · EPSS