Suggestions search

All statuses

Filter by:

With package: jenkins

Found 12 matching suggestions

View:

Compact

Detailed

Published

Permalink CVE-2026-27099

8.0 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 4 months ago by @LeSuisse Activity log

Created suggestion 4 months ago
@LeSuisse ignored
10 packages
- python314Packages.jenkins-job-builder
- python313Packages.jenkins-job-builder
- python312Packages.jenkins-job-builder
- python314Packages.python-jenkins
- python313Packages.python-jenkins
- python312Packages.python-jenkins
- python312Packages.jenkinsapi
- python313Packages.jenkinsapi
- python314Packages.jenkinsapi
- jenkins-job-builder
4 months ago
@LeSuisse deleted
3 maintainers
- @coreyoconnor
- @earldouglas
- @NeQuissimus
4 months ago maintainer.delete
@LeSuisse accepted 4 months ago
@LeSuisse published on GitHub 4 months ago

Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 …

Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or Agent/Disconnect permission.

References

Jenkins Security Advisory 2026-02-18 vendor-advisory

Affected products

Jenkins

*
<2.541.*
<2.483

Matching in nixpkgs

pkgs.jenkins

Extendable open source continuous integration server

nixos-unstable 2.541.1
- nixpkgs-unstable 2.541.1
- nixos-unstable-small 2.541.1

Ignored packages (10)

pkgs.jenkins-job-builder

Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git

nixos-unstable 6.4.2
- nixpkgs-unstable 6.4.2
- nixos-unstable-small 6.4.2

pkgs.python312Packages.jenkinsapi

None

pkgs.python313Packages.jenkinsapi

Python API for accessing resources on a Jenkins continuous-integration server

nixos-unstable 0.3.15
- nixpkgs-unstable 0.3.15
- nixos-unstable-small 0.3.15

pkgs.python314Packages.jenkinsapi

Python API for accessing resources on a Jenkins continuous-integration server

nixos-unstable 0.3.15
- nixpkgs-unstable 0.3.15
- nixos-unstable-small 0.3.15

pkgs.python312Packages.python-jenkins

None

pkgs.python313Packages.python-jenkins

Python bindings for the remote Jenkins API

nixos-unstable 1.8.3
- nixpkgs-unstable 1.8.3
- nixos-unstable-small 1.8.3

pkgs.python314Packages.python-jenkins

Python bindings for the remote Jenkins API

nixos-unstable 1.8.3
- nixpkgs-unstable 1.8.3
- nixos-unstable-small 1.8.3

pkgs.python312Packages.jenkins-job-builder

None

pkgs.python313Packages.jenkins-job-builder

Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git

nixos-unstable 6.4.2
- nixpkgs-unstable 6.4.2
- nixos-unstable-small 6.4.2

pkgs.python314Packages.jenkins-job-builder

Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git

nixos-unstable 6.4.2
- nixpkgs-unstable 6.4.2
- nixos-unstable-small 6.4.2

Package maintainers

@felixsinger Felix Singer <felixsinger@posteo.net>

Ignored maintainers (1)

@earldouglas James Earl Douglas <james@earldouglas.com>

Upstream advisory: https://www.jenkins.io/security/advisory/2026-02-18/

Published

Permalink CVE-2026-27100

4.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

updated 4 months ago by @LeSuisse Activity log

Created suggestion 4 months ago
@LeSuisse ignored
10 packages
- jenkins-job-builder
- python312Packages.jenkinsapi
- python313Packages.jenkinsapi
- python314Packages.jenkinsapi
- python312Packages.python-jenkins
- python313Packages.python-jenkins
- python314Packages.python-jenkins
- python312Packages.jenkins-job-builder
- python313Packages.jenkins-job-builder
- python314Packages.jenkins-job-builder
4 months ago
@LeSuisse deleted
3 maintainers
- @coreyoconnor
- @earldouglas
- @NeQuissimus
4 months ago maintainer.delete
@LeSuisse accepted 4 months ago
@LeSuisse published on GitHub 4 months ago

Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run …

Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds, and if a specified build exists, its display name.

References

Jenkins Security Advisory 2026-02-18 vendor-advisory

Affected products

Jenkins

*
<2.541.*

Matching in nixpkgs

pkgs.jenkins

Extendable open source continuous integration server

nixos-unstable 2.541.1
- nixpkgs-unstable 2.541.1
- nixos-unstable-small 2.541.1

Ignored packages (10)

pkgs.jenkins-job-builder

Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git

nixos-unstable 6.4.2
- nixpkgs-unstable 6.4.2
- nixos-unstable-small 6.4.2

pkgs.python312Packages.jenkinsapi

None

pkgs.python313Packages.jenkinsapi

Python API for accessing resources on a Jenkins continuous-integration server

nixos-unstable 0.3.15
- nixpkgs-unstable 0.3.15
- nixos-unstable-small 0.3.15

pkgs.python314Packages.jenkinsapi

Python API for accessing resources on a Jenkins continuous-integration server

nixos-unstable 0.3.15
- nixpkgs-unstable 0.3.15
- nixos-unstable-small 0.3.15

pkgs.python312Packages.python-jenkins

None

pkgs.python313Packages.python-jenkins

Python bindings for the remote Jenkins API

nixos-unstable 1.8.3
- nixpkgs-unstable 1.8.3
- nixos-unstable-small 1.8.3

pkgs.python314Packages.python-jenkins

Python bindings for the remote Jenkins API

nixos-unstable 1.8.3
- nixpkgs-unstable 1.8.3
- nixos-unstable-small 1.8.3

pkgs.python312Packages.jenkins-job-builder

None

pkgs.python313Packages.jenkins-job-builder

Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git

nixos-unstable 6.4.2
- nixpkgs-unstable 6.4.2
- nixos-unstable-small 6.4.2

pkgs.python314Packages.jenkins-job-builder

Jenkins Job Builder is a system for configuring Jenkins jobs using simple YAML files stored in Git

nixos-unstable 6.4.2
- nixpkgs-unstable 6.4.2
- nixos-unstable-small 6.4.2

Package maintainers

@felixsinger Felix Singer <felixsinger@posteo.net>

Ignored maintainers (1)

@earldouglas James Earl Douglas <james@earldouglas.com>

Upstream advisory: https://www.jenkins.io/security/advisory/2026-02-18/