CVE-2026-57286
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk12th percentile — higher than 12% of all known CVEs
Summary
A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata.
Risk Assessment
The risk involves leakage of sensitive repository structure information, which may facilitate further attacks, such as identifying sensitive branches or code versions.
Recommendation
It is recommended to immediately update the Git Parameter Plugin to a version newer than 462.vdcf3df2ed2ca, where the missing permission check has been fixed.
Original NVD description (English source)
A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca_ and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata.

