Nixpkgs Security Tracker

Login with GitHub

Details of issue NIXPKGS-2026-0272

NIXPKGS-2026-0272
published on 19 Feb 2026
Permalink CVE-2026-27100
updated 2 days, 12 hours ago by @LeSuisse Activity log
  • Created automatic suggestion 2 days, 15 hours ago
  • @LeSuisse removed
    10 packages
    • jenkins-job-builder
    • python312Packages.jenkinsapi
    • python313Packages.jenkinsapi
    • python314Packages.jenkinsapi
    • python312Packages.python-jenkins
    • python313Packages.python-jenkins
    • python314Packages.python-jenkins
    • python312Packages.jenkins-job-builder
    • python313Packages.jenkins-job-builder
    • python314Packages.jenkins-job-builder
    2 days, 12 hours ago
  • @LeSuisse removed
    3 maintainers
    • @coreyoconnor
    • @earldouglas
    • @NeQuissimus
    2 days, 12 hours ago
  • @LeSuisse accepted 2 days, 12 hours ago
  • @LeSuisse published on GitHub 2 days, 12 hours ago
Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run …

Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds, and if a specified build exists, its display name.

Affected products

Jenkins
  • *
  • <2.541.*

Matching in nixpkgs

Ignored packages (10)

Package maintainers

Ignored maintainers (3) 
Upstream advisory: https://www.jenkins.io/security/advisory/2026-02-18/