CVE-2026-57300

Summary

A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins MCP Server Plugin0.172.174.v9f72da_90a_710unaffected
Jenkins ProjectJenkins MCP Server Plugin0.178.vffe5a_e770f3b_ < *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References