Vulnerabilities
Vulnerable Software
Jenkins:  >> Jenkins  >> 2.541  Security Vulnerabilities
Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or Agent/Disconnect permission.
CVSS Score
8.0
EPSS Score
0.005
Published
2026-02-18
Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds, and if a specified build exists, its display name.
CVSS Score
4.3
EPSS Score
0.003
Published
2026-02-18


Contact Us

Shodan ® - All rights reserved