CVE Catalog

CVE-2026-57293

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile — higher than 7% of all known CVEs

Summary

The Gitee Plugin in Jenkins version 1288.v18b_deb_c9069b_ and earlier has an incorrect permission check, allowing attackers with global Item/Configure permission to enumerate credential IDs stored in Jenkins.

Risk Assessment

Attackers may gain access to sensitive credential IDs, potentially leading to further attacks on the organization's systems and data.

Recommendation

It is recommended to update the Gitee Plugin to the latest version to fix the incorrect permission check and to restrict access to global Item/Configure permissions.

Original NVD description (English source)

An incorrect permission check in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS