Nixpkgs security tracker

Details of issue NIXPKGS-2026-0272

NIXPKGS-2026-0272
published on
CVE-2026-27100
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 2 months, 1 week ago by @LeSuisse

Activity log
  • Created suggestion
  • @LeSuisse ignored
    10 packages
    • jenkins-job-builder
    • python312Packages.jenkinsapi
    • python313Packages.jenkinsapi
    • python314Packages.jenkinsapi
    • python312Packages.python-jenkins
    • python313Packages.python-jenkins
    • python314Packages.python-jenkins
    • python312Packages.jenkins-job-builder
    • python313Packages.jenkins-job-builder
    • python314Packages.jenkins-job-builder
  • @LeSuisse deleted
    3 maintainers
    • @coreyoconnor
    • @earldouglas
    • @NeQuissimus
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run …

Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds, and if a specified build exists, its display name.

References

Affected products

Jenkins
  • *
  • <2.541.*

Matching in nixpkgs

Ignored packages (10)

pkgs.jenkins-job-builder

Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git

Package maintainers

Ignored maintainers (3)
Upstream advisory: https://www.jenkins.io/security/advisory/2026-02-18/