CVE-2026-57285
MEDIUM 4.3A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration.
NO EXPLOITATION SIGNALS
No known exploitation, public exploit, or elevated probability at this time. Track for changes.
Exploitation likelihood
0.2%chance of exploitation in 30 days · 12th percentile
○ In CISA KEV
○ Public exploit / PoC
Impact if exploited
4.3CVSS 3.1 · MEDIUM
- ConfidentialityLow
- IntegrityNone
- AvailabilityNone
What an attacker needs
- ✓Access: Reachable over the network — no local access needed
- ⚠Privileges: Requires a low-privilege account
- ✓User interaction: No user interaction needed
- ✓Complexity: No special conditions — reliably repeatable
✓ lowers the bar for an attacker · ⚠ raises it
Weakness (CWE)
- CWE-862: Missing authorization
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N