A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access.
References
| Link | Resource |
|---|---|
| https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3759 | Vendor Advisory |
Configurations
History
26 Jun 2026, 19:06
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3759 - Vendor Advisory | |
| First Time |
Jenkins mcp Server
Jenkins |
|
| CPE | cpe:2.3:a:jenkins:mcp_server:*:*:*:*:*:jenkins:*:* |
24 Jun 2026, 16:16
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-862 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
24 Jun 2026, 14:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-24 14:17
Updated : 2026-06-26 19:06
NVD link : CVE-2026-57300
Mitre link : CVE-2026-57300
CVE.ORG link : CVE-2026-57300
JSON object : View
Products Affected
jenkins
- mcp_server
CWE
CWE-862
Missing Authorization
