CVE Catalog

CVE-2026-57300

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile — higher than 8% of all known CVEs

Summary

A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access.

Risk Assessment

The risk involves leakage of confidential CI/CD scripts that may contain passwords, API keys, or other sensitive data, potentially leading to privilege escalation or further attacks.

Recommendation

It is recommended to immediately update the MCP Server plugin to the latest version that includes the fix for the missing permission check.

Original NVD description (English source)

A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS