CVE-2026-57300
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access.
Risk Assessment
The risk involves leakage of confidential CI/CD scripts that may contain passwords, API keys, or other sensitive data, potentially leading to privilege escalation or further attacks.
Recommendation
It is recommended to immediately update the MCP Server plugin to the latest version that includes the fix for the missing permission check.
Original NVD description (English source)
A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access.

