CVE Catalog

CVE-2026-57305

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile — higher than 3% of all known CVEs

Summary

The Assembla Plugin in Jenkins versions 1.4 and earlier has a CSRF vulnerability that allows attackers to connect to an attacker-specified URL using an attacker-specified username and password.

Risk Assessment

This vulnerability could lead to unauthorized access to system resources, posing a significant security risk to the organization.

Recommendation

It is recommended to update the Assembla Plugin to the latest version to mitigate the risks associated with this vulnerability.

Original NVD description (English source)

A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified username and password.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS