CVE-2026-27100

ADVISORY - github

Summary

Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds, and if a specified build exists, its display name.

EPSS Score⁠: 0.00027 (0.075)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-200⁠

Exposure of Sensitive Information to an Unauthorized Actor

ADVISORY - github

CWE-200⁠

Exposure of Sensitive Information to an Unauthorized Actor

ADVISORY - redhat

CWE-551⁠

Incorrect Behavior Order: Authorization Before Parsing and Canonicalization

Impacted images

Advisories

NIST

CREATED

2 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2026-27100⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

4.3medium

GitHub

CREATED

2 days ago

UPDATED

14 hours ago

ADVISORY IDGHSA-wfhp-qgm8-5p5c⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

4.3medium

Bitnami

CREATED

2 hours ago

UPDATED

1 hour ago

ADVISORY ID

BIT-jenkins-2026-27100

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

4.3medium

Red Hat

CREATED

2 days ago

UPDATED

1 day ago

ADVISORY IDCVE-2026-27100⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

4.3medium