CVE Catalog

CVE-2026-57307

MediumCVSS 4.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile — higher than 4% of all known CVEs

Summary

A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Risk Assessment

The risk involves potential theft of sensitive credentials (e.g., passwords, tokens) by an attacker with only basic system access, which could enable further unauthorized access to other systems.

Recommendation

Immediately update the Zowe zDevOps plugin to a version later than 1.1.3.50.ve350c9b_450b_1, which fixes the missing permission check.

Original NVD description (English source)

A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS