Missing Permission Checks in Jenkins Gitee Plugin Allow URL Hijack
CVE-2026-57291 Published on June 24, 2026
Missing permission checks in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method.
Vulnerability Analysis
CVE-2026-57291 can be exploited with network access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. A successful exploit is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2026-57291 has been classified as an AuthZ vulnerability or weakness.
Products Associated with CVE-2026-57291
Affected Versions
Jenkins Project Jenkins Gitee Plugin: versions up to and including 1288.v18b_deb_c9069b_ are affected.