CVE-2026-57304
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk6th percentile — higher than 6% of all known CVEs
Summary
A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password.
Risk Assessment
The risk involves potential unauthorized connections from the Jenkins server to external systems, which could lead to data leakage or further attacks on the infrastructure.
Recommendation
It is recommended to immediately update the Assembla plugin to the latest available version and restrict Overall/Read permissions to trusted users only.
Original NVD description (English source)
A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password.

