CVE-2026-42519 - Medium Severity Vulnerability
Vulnerable Library - script-security-1373.vb_b_4a_a_c26fa_00.jar
The Jenkins Plugins Parent POM Project
Library home page: https://github.com/jenkinsci/script-security-plugin
Path to dependency file: /build.gradle
Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.jenkins-ci.plugins/script-security/1373.vb_b_4a_a_c26fa_00/17456b7673d59c2f821c997451a787c9359bba4e/script-security-1373.vb_b_4a_a_c26fa_00.jar
Dependency Hierarchy:
- ❌ script-security-1373.vb_b_4a_a_c26fa_00.jar (Vulnerable Library)
Found in base branch: main
Vulnerability Details
A missing permission check in Jenkins Script Security Plugin 1399.ve6a_66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths.
Publish Date: 2026-04-29
URL: CVE-2026-42519
CVSS 3 Score Details (4.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: None
  - Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://www.jenkins.io/security/advisory/2026-04-29/#SECURITY-3662
Release Date: 2026-04-29
Fix Resolution: 1402.v94c9ce464861
⛑️ Automatic Remediation will be attempted for this issue.