CVE-2026-57285
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk12th percentile — higher than 12% of all known CVEs
Summary
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration.
Risk Assessment
The risk involves the leakage of confidential GitHub Enterprise server URLs, which could be used by an attacker for further attacks or reconnaissance of the organization's infrastructure.
Recommendation
It is recommended to immediately update the GitHub Branch Source plugin to a version later than 1967.1969.v205fd594c821, which includes a fix for the missing permission check.
Original NVD description (English source)
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821 and earlier allows attackers with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration.

