CVE Catalog

CVE-2026-57285

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile — higher than 12% of all known CVEs

Summary

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration.

Risk Assessment

The risk involves the leakage of confidential GitHub Enterprise server URLs, which could be used by an attacker for further attacks or reconnaissance of the organization's infrastructure.

Recommendation

It is recommended to immediately update the GitHub Branch Source plugin to a version later than 1967.1969.v205fd594c821, which includes a fix for the missing permission check.

Original NVD description (English source)

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS