Description
A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca_ and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata.
Severity (CVSS)
| Base score | 4.3 |
|---|---|
| Severity | Medium |
| Version | CVSS 3.1 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| Provided by | CISA-ADP |
Weaknesses
- CWE-862 — CWE-862 Missing Authorization
Affected products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins Project | Jenkins Git Parameter Plugin | 0 to <=462.vdcf3df2ed2ca_ |
References
- https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3745 (vendor-advisory)
Generated from the official CVE List on 25 Jun 2026 10:14 UTC.