Security Advisories

CloudBees Security Advisory 2026-06-24

This advisory announces vulnerabilities in CloudBees CI and Jenkins.

Sandbox bypass vulnerability in Script Security Plugin

SECURITY-3792 / CVE-2026-57280

Severity (CVSS): [pill:High|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H]

Affected plugin: [pill:script-security|https://plugins.jenkins.io/script-security]

Description:

Script Security Plugin provides a sandbox feature that allows running user-provided scripts safely by intercepting and checking potentially unsafe operations.

Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type cast applied to each element of the iterated collection in a typed for loop (e.g. for (Type t in collection)), as this cast is performed during bytecode generation rather than in the transformed script AST.

This allows attackers able to provide sandboxed scripts to invoke constructors of arbitrary types without those invocations being checked by the sandbox, bypassing the sandbox protection. This can be used to execute arbitrary code on the Jenkins controller.

Script Security Plugin 1402.1405.vc96e74964250 updates the bundled groovy-sandbox library to a version that intercepts the implicit type cast applied to typed for loop elements, so those casts are checked by the sandbox.

Script security bypass vulnerability in Script Security Plugin

SECURITY-3793 / CVE-2026-57281

Severity (CVSS): [pill:High|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H]

Affected plugin: [pill:script-security|https://plugins.jenkins.io/script-security]

Description:

Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations such as @CompileStatic and @TypeChecked that carry an extensions member, which causes Groovy to load and execute a script from the classpath at compile time, before the sandbox is applied.

This may allow attackers able to define and run sandboxed scripts to execute code outside the sandbox, in the rare case that a suitable Groovy script is present on the classpath of the component that evaluates the script.

[!NOTE]

The Jenkins security team has been unable to identify any Groovy source files in Jenkins core or plugins that would allow attackers to execute dangerous code. While the severity of this issue is declared as High due to the potential impact, successful exploitation is considered very unlikely.

[/]

Script Security Plugin 1402.1405.vc96e74964250 rejects any annotation carrying an extensions member during sandbox compilation, before Groovy can resolve or execute the referenced script.

OS command injection vulnerability on agents in Git client Plugin

SECURITY-3723 / CVE-2026-57282

Severity (CVSS): [pill:Medium|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L]

Affected plugin: [pill:git-client|https://plugins.jenkins.io/git-client]

Description:

Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into the SSH wrapper script generated by the "Manually provided keys" Git Host Key Verification strategy on Unix agents.

This allows attackers able to control the name of a build’s working directory (e.g. through a build parameter that determines the workspace directory) to inject shell command substitution and execute arbitrary commands on the agent.

[!NOTE]

This vulnerability only has an impact when attackers can control working directories (e.g., the argument to the dir(…) Pipeline step) while not being able to control the Pipeline itself or the programs or build scripts it executes.

[/]

Git client Plugin 6.6.1 stores the known_hosts file used by the "Manually provided keys" Git Host Key Verification strategy in the system temporary directory, so the workspace directory name is no longer embedded in the path passed to the generated SSH wrapper script.
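As an added illustration of the quoting defect described above (example code written for this page, not Git client Plugin's source; the plugin's actual fix relocates the known_hosts file rather than quoting the path), the following renders a wrapper script the way a naive implementation would, and beside it the POSIX single-quote quoting that keeps a hostile directory name inert. The wrapper text and the directory name are constructed for the example.

```java
public final class SshWrapperQuoting {

    // POSIX single-quote quoting: inside '...' nothing is interpreted except the closing
    // quote, so a literal single quote is emitted as: close quote, escaped quote, reopen.
    static String shellQuote(String s) {
        return "'" + s.replace("'", "'\\''") + "'";
    }

    // Vulnerable rendering: the path is interpolated verbatim. When the workspace name
    // contains $(...) or backticks, /bin/sh evaluates it each time ssh is invoked.
    static String renderUnsafe(String knownHostsPath) {
        return "#!/bin/sh\n"
             + "exec ssh -o StrictHostKeyChecking=yes -o UserKnownHostsFile=" + knownHostsPath + " \"$@\"\n";
    }

    // Hardened rendering: the same script with the path quoted, so the shell passes it
    // through as one argument regardless of its content.
    static String renderSafe(String knownHostsPath) {
        return "#!/bin/sh\n"
             + "exec ssh -o StrictHostKeyChecking=yes -o UserKnownHostsFile=" + shellQuote(knownHostsPath) + " \"$@\"\n";
    }

    public static void main(String[] args) {
        // Constructed hostile workspace name, as an attacker-chosen dir(...) argument might produce.
        String hostile = "/var/jenkins/workspace/ws$(id>/tmp/pwned)/known_hosts";
        String withQuote = "/var/jenkins/workspace/it's here/known_hosts";

        System.out.println("-- unsafe --\n" + renderUnsafe(hostile));
        System.out.println("-- safe --\n" + renderSafe(hostile));
        System.out.println("-- safe, embedded quote --\n" + renderSafe(withQuote));
    }
}
```

The quoted form is what a shell sees as a single argument; a test that sets StrictHostKeyChecking to yes and a known_hosts file outside any user-controllable directory, as the fixed plugin does, removes the untrusted input from the script altogether, which is the stronger of the two defenses.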

CSRF vulnerability and unrestricted instantiation of types in Pipeline: Groovy Plugin

SECURITY-3677 / CVE-2026-57283 (CSRF), CVE-2026-57284 (unrestricted instantiation of types)

Severity (CVSS): [pill:Medium|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N]

Affected plugin: [pill:workflow-cps|https://plugins.jenkins.io/workflow-cps]

Description:

Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, instantiating any type with a constructor annotated with @DataBoundConstructor in response to a request.

This allows attackers to have Pipeline: Groovy Plugin instantiate types related to job or system configuration other than Pipeline steps.

Additionally, this HTTP endpoint can be accessed using the GET method and does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability. This allows attackers to create a script approval request attributed to another user, impersonating a trusted user when social engineering an administrator into approving a malicious script.

Pipeline: Groovy Plugin 4331.4333.v50a_b_076c5199 only instantiates Pipeline steps and metastep delegates through the Snippet Generator, and requires POST requests for the affected HTTP endpoint.

Missing permission check allows enumerating GitHub Enterprise server URLs in GitHub Branch Source Plugin

SECURITY-3808 / CVE-2026-57285

Severity (CVSS): [pill:Medium|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N]

Affected plugin: [pill:github-branch-source|https://plugins.jenkins.io/github-branch-source]

Description:

GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier does not perform a permission check in an HTTP endpoint that lists the GitHub API endpoints configured in the global plugin configuration.

This allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured by administrators.

GitHub Branch Source Plugin 1967.1970.vd86979736546 requires Overall/Manage permission or Item/Extended Read permission on an item to list the configured GitHub API endpoints.

Missing permission check in Git Parameter Plugin allows listing SCM branch and tag names

SECURITY-3745 / CVE-2026-57286

Severity (CVSS): [pill:Medium|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N]

Affected plugin: [pill:git-parameter|https://plugins.jenkins.io/git-parameter]

Description:

Git Parameter Plugin 462.vdcf3df2ed2ca_ and earlier does not perform a permission check in an HTTP endpoint that populates the list of values for Git parameters by querying the SCM configured on a job, using the SCM credentials configured in Jenkins.

This allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata, that they would otherwise be unable to access.

Git Parameter Plugin 462.463.v496a_59f698e5 requires Item/Build permission to populate the list of values for Git parameters.

Encrypted values of secrets in job and agent configurations not redacted by Job Configuration History Plugin

SECURITY-3742 / CVE-2026-57287

Severity (CVSS): [pill:Medium|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N]

Affected plugin: [pill:jobConfigHistory|https://plugins.jenkins.io/jobConfigHistory]

Description:

Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations through its "View as XML" / "(RAW)" feature and its configuration diff views.

This allows attackers with Item/Extended Read permission (but not Item/Configure permission) to view the encrypted values of secrets, such as build trigger tokens, that Jenkins would otherwise redact from the configuration shown to them.

Job Configuration History Plugin 1367.vc8fa_b_15101dc redacts the encrypted values of secrets when displaying historical job and agent configurations through its "View as XML" / "(RAW)" feature and its configuration diff views to users lacking Item/Configure permission.

LDAP injection vulnerability in Active Directory Plugin

SECURITY-3651 / CVE-2026-57288

Severity (CVSS): [pill:Low|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N]

Affected plugin: [pill:active-directory|https://plugins.jenkins.io/active-directory]

Description:

In Active Directory Plugin 2.41.1 and earlier, the Windows native (ADSI) authentication path does not escape the user name before building the LDAP search filter.

This allows unauthenticated attackers to inject LDAP wildcard characters into the user name, enabling them to enumerate directory user and group names, and to authenticate as a matching user when they know that user’s password but not their exact user name.

Active Directory Plugin 2.41.2 escapes the user name in the Windows native (ADSI) authentication path before building the LDAP search filter.

Missing permission check in MCP Server Plugin allows reading Pipeline replay scripts

SECURITY-3759 / CVE-2026-57300

Severity (CVSS): [pill:Medium|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N]

Affected plugin: [pill:mcp-server|https://plugins.jenkins.io/mcp-server]

Description:

MCP Server Plugin 0.177.v629fdb_2557fe and earlier does not perform a permission check in the getReplayScripts MCP tool that returns the replay script of a Pipeline build.

This allows attackers with Item/Read permission to obtain the Pipeline script of jobs.

MCP Server Plugin 0.178.vffe5a_e770f3b_ requires Item/Extended Read permission to return the replay script of a Pipeline build through the getReplayScripts MCP tool.

SSL/TLS certificate validation unconditionally disabled by Bitbucket Push and Pull Request Plugin

SECURITY-3856 / CVE-2026-57289

Severity (CVSS): [pill:Medium|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N]

Affected plugin: [pill:bitbucket-push-and-pull-request|https://plugins.jenkins.io/bitbucket-push-and-pull-request]

Description:

Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for the connections it makes to Bitbucket Server using Bearer token authentication.

Because the Bearer token is transmitted in these requests, this allows attackers able to intercept network traffic to capture the token and impersonate the Jenkins controller to Bitbucket Server.

Bitbucket Push and Pull Request Plugin 3.3.9 validates SSL/TLS certificates and hostnames for the connections it makes to Bitbucket Server using Bearer token authentication, using the trust store configured for the Jenkins controller JVM.

CSRF vulnerability in Priority Sorter Plugin

SECURITY-3769 / CVE-2026-57290

Severity (CVSS): [pill:Medium|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N]

Affected plugin: [pill:PrioritySorter|https://plugins.jenkins.io/PrioritySorter]

Description:

Priority Sorter Plugin 936.v2c01c6b_84449 and earlier does not require POST requests in an HTTP endpoint that saves the global job priority configuration.

This allows attackers to overwrite the global job priority configuration.

Priority Sorter Plugin 936.937.v5581d0b_2ccb_a_ requires POST requests for the affected HTTP endpoint.

Missing permission checks and CSRF vulnerability in Gitee Plugin

SECURITY-3762 (1) / CVE-2026-57291 (missing permission check), CVE-2026-57292 (CSRF)

Severity (CVSS): [pill:Medium|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N]

Affected plugin: [pill:gitee|https://plugins.jenkins.io/gitee]

Description:

Gitee Plugin 1288.v18b_deb_c9069b_ and earlier does not perform permission checks in several HTTP endpoints implementing form validation for its global configuration.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

Gitee Plugin 1292.v2559f2f3f2c0 requires the appropriate permissions in the affected HTTP endpoints, and requires POST requests.

Incorrect permission check in Gitee Plugin allows enumerating credentials IDs

SECURITY-3762 (2) / CVE-2026-57293

Severity (CVSS): [pill:Medium|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N]

Affected plugin: [pill:gitee|https://plugins.jenkins.io/gitee]

Description:

Gitee Plugin 1288.v18b_deb_c9069b_ and earlier does not correctly perform a permission check in an HTTP endpoint.

This allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.

Gitee Plugin 1292.v2559f2f3f2c0 requires Overall/Administer permission to enumerate credentials IDs through the affected HTTP endpoint.

CSRF vulnerability and missing permission checks in EC2 Fleet Plugin

SECURITY-3774 / CVE-2026-57294 (missing permission check), CVE-2026-57295 (CSRF)

Severity (CVSS): [pill:Medium|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N]

Affected plugin: [pill:ec2-fleet|https://plugins.jenkins.io/ec2-fleet]

Description:

EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier does not perform permission checks in several HTTP endpoints used to validate cloud configurations.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins.

Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

EC2 Fleet Plugin 4.2.3.540.va_6eedb_7b_c112 requires Overall/Administer permission and POST requests to perform these form validation actions.

Path traversal vulnerability in External Workspace Manager Plugin

SECURITY-3777 / CVE-2026-57296

Severity (CVSS): [pill:High|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H]

Affected plugin: [pill:external-workspace-manager|https://plugins.jenkins.io/external-workspace-manager]

Description:

External Workspace Manager Plugin 1.3.2 and earlier does not reject .. path segments when validating the custom workspace path provided to the exwsAllocate Pipeline step, allowing the resulting workspace path to escape the configured disk mount point.

This allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller file system, which can lead to remote code execution (see Reading Files).

External Workspace Manager Plugin 1.4.0 rejects .. path segments when validating the custom workspace path, and additionally verifies that the requested path is contained within the configured disk mount point before serving it through the external workspace browse functionality.
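As an added illustration of the two checks the fix describes, rejecting .. segments and then verifying containment after normalization (example code for this page, not External Workspace Manager Plugin's source; the mount point path is an assumption), the following resolves a custom workspace path against a disk mount point and refuses anything that would leave it:

```java
import java.nio.file.Path;
import java.nio.file.Paths;

public final class WorkspacePathCheck {

    // Returns the workspace directory for customPath under mountPoint, or throws
    // IllegalArgumentException if the request would escape the mount point.
    static Path resolveWithinMount(Path mountPoint, String customPath) {
        Path mount = mountPoint.toAbsolutePath().normalize();
        Path requested = Paths.get(customPath);

        // Check 1: no parent-directory segments anywhere in the requested path.
        for (Path segment : requested) {
            if (segment.toString().equals("..")) {
                throw new IllegalArgumentException("'..' segment not allowed: " + customPath);
            }
        }

        // Check 2: resolve and normalize, then require the result to remain under the mount.
        // This also catches an absolute customPath, which resolve() would return unchanged.
        Path resolved = mount.resolve(requested).normalize();
        if (!resolved.startsWith(mount)) {
            throw new IllegalArgumentException("path escapes mount point: " + customPath);
        }
        return resolved;
    }

    public static void main(String[] args) {
        Path mount = Paths.get("/mnt/exws/disk1"); // assumed mount point for the example
        String[] inputs = {
            "team-a/build-42",                // accepted
            "../../var/jenkins_home/secrets", // rejected by check 1
            "/var/jenkins_home/secrets",      // rejected by check 2
            "team-a/./build-42",              // accepted, normalizes to team-a/build-42
        };
        for (String in : inputs) {
            try {
                System.out.println("OK      " + in + " -> " + resolveWithinMount(mount, in));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECT  " + e.getMessage());
            }
        }
    }
}
```

Neither check follows symlinks; if the mount point can contain attacker-created links, compare toRealPath() of the resolved directory against the mount as well before serving files from it.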

CSRF vulnerability and missing permission check in Contrast Continuous Application Security Plugin

SECURITY-3697 (1) / CVE-2026-57297 (missing permission check), CVE-2026-57298 (CSRF)

Severity (CVSS): [pill:Medium|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N]

Affected plugin: [pill:contrast-continuous-application-security|https://plugins.jenkins.io/contrast-continuous-application-security]

Description:

Contrast Continuous Application Security Plugin 3.11 and earlier does not perform a permission check in an HTTP endpoint that tests the connection to a Contrast TeamServer.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, API key, and service key.

Additionally, this HTTP endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

Contrast Continuous Application Security Plugin 3.12 requires Overall/Administer permission and POST requests to test the connection to a Contrast TeamServer.

Missing permission checks in Contrast Continuous Application Security Plugin allow enumerating Contrast metadata

SECURITY-3697 (2) / CVE-2026-57299

Severity (CVSS): [pill:Medium|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N]

Affected plugin: [pill:contrast-continuous-application-security|https://plugins.jenkins.io/contrast-continuous-application-security]

Description:

Contrast Continuous Application Security Plugin 3.11 and earlier does not perform permission checks in several HTTP endpoints that fill list box options with the names of the configured Contrast metadata.

This allows attackers with Overall/Read permission to enumerate the names of configured Contrast metadata.

Contrast Continuous Application Security Plugin 3.12 requires the appropriate permission to enumerate the configured Contrast metadata.

Builds executed on the Jenkins controller by OWASP ZAP Plugin can lead to RCE

SECURITY-3649 / CVE-2026-57301

Severity (CVSS): [pill:High|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H]

Affected plugin: [pill:zapper|https://plugins.jenkins.io/zapper]

Description:

OWASP ZAP Plugin 1.0.7 and earlier does not support distributed builds, causing the file operations and build process of its "Automatically build ZAP" feature to be performed on the Jenkins controller rather than on the agent the build is assigned to.

This allows attackers with Item/Configure permission to configure the feature to build an attacker-controlled project, executing arbitrary code on the Jenkins controller and bypassing any restriction confining the build to a specific agent.

As of publication of this advisory, there is no fix. Learn why we announce this.

Passwords stored in plain text by FitNesse Plugin

SECURITY-3555 / CVE-2026-57302

Severity (CVSS): [pill:Medium|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N]

Affected plugin: [pill:fitnesse|https://plugins.jenkins.io/fitnesse]

Description:

FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller as part of its configuration.

These passwords can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

As of publication of this advisory, there is no fix. Learn why we announce this.

XXE vulnerability in Assembla Plugin

SECURITY-3692 (1) / CVE-2026-57303

Severity (CVSS): [pill:High|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N]

Affected plugin: [pill:assembla|https://plugins.jenkins.io/assembla]

Description:

Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks when parsing responses from the configured Assembla server.

This allows attackers able to control the responses of the configured Assembla server to extract secrets from the Jenkins controller or perform server-side request forgery.

As of publication of this advisory, there is no fix. Learn why we announce this.

CSRF vulnerability and missing permission check in Assembla Plugin

SECURITY-3692 (2) / CVE-2026-57304 (missing permission check), CVE-2026-57305 (CSRF)

Severity (CVSS): [pill:Medium|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N]

Affected plugin: [pill:assembla|https://plugins.jenkins.io/assembla]

Description:

Assembla Plugin 1.4 and earlier does not perform a permission check in an HTTP endpoint that tests the connection to an Assembla server.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password.

Additionally, this HTTP endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

[!NOTE]

This does not allow exploiting the XML external entity (XXE) vulnerability described in the previous advisory entry.

[/]

As of publication of this advisory, there is no fix. Learn why we announce this.

CSRF vulnerability and missing permission check in Zowe zDevOps Plugin

SECURITY-3747 / CVE-2026-57306 (CSRF), CVE-2026-57307 (missing permission check)

Severity (CVSS): [pill:Medium|https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N]

Affected plugin: [pill:zdevops|https://plugins.jenkins.io/zdevops]

Description:

Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier does not perform a permission check in an HTTP endpoint implementing a connection test.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Additionally, this HTTP endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

As of publication of this advisory, there is no fix. Learn why we announce this.
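Most of the remaining entries in this advisory (Pipeline: Groovy CSRF, Priority Sorter, Gitee (1) and (2), EC2 Fleet, Contrast (1), Assembla (2), Zowe zDevOps) share one root cause: a Stapler web method that is reachable by GET and that acts on request parameters before checking who is asking. The following added example (written for this page for a hypothetical plugin; it is none of the listed plugins' source) shows a connection-test endpoint in the vulnerable shape and in the shape the fixed releases adopt, plus a credentials dropdown that declines to enumerate IDs for callers lacking the right permission. It assumes the credentials plugin's StandardListBoxModel API and Stapler's @POST; the base class and the real network call are omitted.

```java
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import hudson.model.Item;
import hudson.security.ACL;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Collections;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

// In a real plugin this would extend the step's or cloud's Descriptor; omitted here.
public class ExampleConnectionDescriptor {

    // BEFORE: any Overall/Read user, or a crafted link opened by an administrator (CSRF),
    // makes the controller connect to an attacker-chosen URL with a credentials ID the
    // attacker learned elsewhere. Nothing checks the caller.
    public FormValidation doTestConnectionUnsafe(@QueryParameter String serverUrl,
                                                 @QueryParameter String credentialsId) {
        return probe(serverUrl, credentialsId);
    }

    // AFTER: POST only (Jenkins' crumb check then defeats CSRF) and an explicit permission
    // check before the parameters are used for anything. Global configuration requires
    // Overall/Administer; job-level configuration requires Item/Configure on that job.
    @POST
    public FormValidation doTestConnection(@AncestorInPath Item item,
                                           @QueryParameter String serverUrl,
                                           @QueryParameter String credentialsId) {
        if (item == null) {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        } else {
            item.checkPermission(Item.CONFIGURE);
        }
        return probe(serverUrl, credentialsId);
    }

    // Credentials dropdown: callers without the permission only get their current value
    // echoed back (so the form still renders), never the list of stored credentials IDs.
    public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item,
                                                 @QueryParameter String credentialsId) {
        StandardListBoxModel result = new StandardListBoxModel();
        boolean allowed = item == null
                ? Jenkins.get().hasPermission(Jenkins.ADMINISTER)
                : item.hasPermission(Item.EXTENDED_READ) || item.hasPermission(CredentialsProvider.USE_ITEM);
        if (!allowed) {
            return result.includeCurrentValue(credentialsId);
        }
        if (item == null) {
            result.includeMatchingAs(ACL.SYSTEM2, Jenkins.get(), StandardUsernamePasswordCredentials.class,
                    Collections.emptyList(), CredentialsMatchers.always());
        } else {
            result.includeMatchingAs(ACL.SYSTEM2, item, StandardUsernamePasswordCredentials.class,
                    Collections.emptyList(), CredentialsMatchers.always());
        }
        return result.includeEmptyValue().includeCurrentValue(credentialsId);
    }

    // Stand-in for the real connection test; only reached after the checks above.
    private FormValidation probe(String serverUrl, String credentialsId) {
        if (serverUrl == null || serverUrl.isEmpty()) {
            return FormValidation.error("Server URL is required");
        }
        try {
            URI uri = new URI(serverUrl);
            if (!"https".equalsIgnoreCase(uri.getScheme())) {
                return FormValidation.warning("Use an https:// URL so credentials are not sent in clear text");
            }
            return FormValidation.ok("Would connect to " + uri.getHost() + " using credentials " + credentialsId);
        } catch (URISyntaxException e) {
            return FormValidation.error("Malformed URL: " + e.getMessage());
        }
    }
}
```

The same two annotations and checks apply to the Priority Sorter case (a save endpoint needs @RequirePOST and an Overall/Administer check) and to the Pipeline Snippet Generator (require POST so a script approval request cannot be forged in another user's name).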

Fix

  • CloudBees Traditional Platforms should be upgraded to 2.555.3.36985
  • CloudBees Cloud Platforms should be upgraded to 2.555.3.36985

Credit

  • Arad Inbar, Ben Grinberg, Nir Somech from DREAM, and, independently, Nahit Sogutlu (http://github.com/Dogru-Isim) for SECURITY-3651
  • Heechan, and, independently, YeJun Won for SECURITY-3759
  • Kai Aizen (SnailSploit) for SECURITY-3692 (1), SECURITY-3692 (2), SECURITY-3697 (1), SECURITY-3697 (2)
  • Ophion Security in collaboration with Claude and Anthropic Research for SECURITY-3742
  • Pablo Picurelli Ortiz (superpegaso2703) of Universidad Rey Juan Carlos for SECURITY-3649
  • Ravindu Wickramasinghe for SECURITY-3723
  • Romuald Moisan, Aix Marseille University for SECURITY-3555
  • Suman Roy (https://linkedin.com/in/sumanrox) for SECURITY-3808
  • SungpilHan (@EQSTLab) for SECURITY-3745
  • dyingman1 (https://github.com/dyingman1, redpoc Offensive Security Team) for SECURITY-3747, SECURITY-3762 (1), SECURITY-3762 (2), SECURITY-3769, SECURITY-3774, SECURITY-3777, SECURITY-3856
