BIT-jenkins-2026-27100

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/jenkins/BIT-jenkins-2026-27100.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-jenkins-2026-27100

Aliases

CVE-2026-27100
GHSA-wfhp-qgm8-5p5c

Published

2026-02-20T08:43:34.823Z

Modified

2026-02-20T09:26:12.601095Z

Summary

[none]

Details

Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds, and if a specified build exists, its display name.

Database specific

{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:maven:*:*"
    ]
}

References

Affected packages

Bitnami / jenkins

Package

Name: jenkins
Purl: pkg:bitnami/jenkins

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

2.483.0

Fixed

2.541.2

Introduced

2.542.0

Fixed

2.551.0

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/jenkins/BIT-jenkins-2026-27100.json"