CRITICALCVE-2026-42523Published 2026-04-29Modified 2026-04-29CNA jenkins

CVE-2026-42523: Jenkins GitHub Plugin 1

Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting (XSS) vulnerability exploitable by non-anonymous attackers with Overall/Read permission.

CVSS v3.1: 9.0
Severity: CRITICAL
Fixed in: —
Affected Products: 1

Affected packages

Jenkins Project / Jenkins GitHub Plugin
≤ 1.46.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References

Jenkins Security Advisory 2026-04-29

Metrics