Loading market data...
← Back to CVE feed

CVE-2026-42522

MEDIUM CVSS 4.3 View on NVD ↗

Description

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea_d580c1a_b_a_ and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References

Published: Apr 29, 2026 14:16 UTC Modified: Apr 29, 2026 15:16 UTC