CVE Catalog

CVE-2026-57304

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile — higher than 6% of all known CVEs

Summary

A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password.

Risk Assessment

The risk involves potential unauthorized connections from the Jenkins server to external systems, which could lead to data leakage or further attacks on the infrastructure.

Recommendation

It is recommended to immediately update the Assembla plugin to the latest available version and restrict Overall/Read permissions to trusted users only.

Original NVD description (English source)

A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS