Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0273

published on 19 Feb 2026
updated 2 days, 12 hours ago by @LeSuisse

Activity log
  • Created automatic suggestion
  • @LeSuisse removed
    10 packages
    • python314Packages.jenkins-job-builder
    • python313Packages.jenkins-job-builder
    • python312Packages.jenkins-job-builder
    • python314Packages.python-jenkins
    • python313Packages.python-jenkins
    • python312Packages.python-jenkins
    • python312Packages.jenkinsapi
    • python313Packages.jenkinsapi
    • python314Packages.jenkinsapi
    • jenkins-job-builder
  • @LeSuisse removed
    3 maintainers
    • @coreyoconnor
    • @earldouglas
    • @NeQuissimus
  • @LeSuisse accepted
  • @LeSuisse published on GitHub

Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or Agent/Disconnect permission.

Affected products

Jenkins
  • *
  • <2.483
  • <2.541.*

Matching in nixpkgs

Ignored packages (10)

Package maintainers

Ignored maintainers (3)
Upstream advisory: https://www.jenkins.io/security/advisory/2026-02-18/