Description

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea_d580c1a_b_a_ and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials.

INFO

Published Date :

2026-04-29T13:31:31.337Z

Last Modified :

2026-04-29T14:28:32.781Z

Source :

jenkins
AFFECTED PRODUCTS

The following products are affected by CVE-2026-42522 vulnerability.

Vendors Products
Jenkins Project
  • Jenkins Github Branch Source Plugin
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-42522.

URL Resource
https://www.jenkins.io/security/advisory/2026-04-29/#SECURITY-3702 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System