Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-04-29T13:31:29 Jenkins Script Security Plugin: Jenkins Script Security Plugin: Information disclosure via missing permission check 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CWE-425

A flaw was found in Jenkins Script Security Plugin. An attacker with Overall/Read permission can exploit a missing permission check to enumerate pending and approved Script Security classpaths. This information disclosure vulnerability allows unauthorized access to sensitive configuration details within the Jenkins environment.

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. OpenShift Developer Tools and Services Fix deferred jenkins OpenShift Developer Tools and Services Fix deferred jenkins-2-plugins OpenShift Developer Tools and Services Fix deferred ocp-tools-4/jenkins-agent-base-rhel8 OpenShift Developer Tools and Services Fix deferred ocp-tools-4/jenkins-agent-base-rhel9 OpenShift Developer Tools and Services Fix deferred ocp-tools-4/jenkins-rhel8 OpenShift Developer Tools and Services Fix deferred ocp-tools-4/jenkins-rhel9 https://www.cve.org/CVERecord?id=CVE-2026-42519 https://nvd.nist.gov/vuln/detail/CVE-2026-42519 https://www.jenkins.io/security/advisory/2026-04-29/#SECURITY-3662