CVE-2026-57305
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
The Assembla Plugin in Jenkins versions 1.4 and earlier has a CSRF vulnerability that allows attackers to connect to an attacker-specified URL using an attacker-specified username and password.
Risk Assessment
This vulnerability could lead to unauthorized access to system resources, posing a significant security risk to the organization.
Recommendation
It is recommended to update the Assembla Plugin to the latest version to mitigate the risks associated with this vulnerability.
Original NVD description (English source)
A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified username and password.

