CVE-2026-27100

ADVISORY - github

Summary

Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds, and if a specified build exists, its display name.

EPSS Score⁠: 0.00027 (0.075)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-200⁠

Exposure of Sensitive Information to an Unauthorized Actor

ADVISORY - github

CWE-200⁠

Exposure of Sensitive Information to an Unauthorized Actor

ADVISORY - redhat

CWE-551⁠

Incorrect Behavior Order: Authorization Before Parsing and Canonicalization

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.