CVE-2026-57293
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk7th percentile — higher than 7% of all known CVEs
Summary
The Gitee Plugin in Jenkins version 1288.v18b_deb_c9069b_ and earlier has an incorrect permission check, allowing attackers with global Item/Configure permission to enumerate credential IDs stored in Jenkins.
Risk Assessment
Attackers may gain access to sensitive credential IDs, potentially leading to further attacks on the organization's systems and data.
Recommendation
It is recommended to update the Gitee Plugin to the latest version to fix the incorrect permission check and to restrict access to global Item/Configure permissions.
Original NVD description (English source)
An incorrect permission check in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins.

