CVE-2026-57293: Vulnerability in Jenkins Project Jenkins Gitee Plugin
An incorrect permission check in Jenkins Gitee Plugin 1288.v18b_deb_c9069b_ and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins.
AI Analysis
Technical Summary
CVE-2026-57293 is a vulnerability in the Jenkins Gitee Plugin where an incorrect permission check permits attackers holding global Item/Configure permission, but lacking that permission on individual jobs, to enumerate credential IDs stored within Jenkins. This could potentially expose sensitive credential identifiers, although the exact impact beyond enumeration is not detailed. The affected versions include 1288.v18b_deb_c9069b_ and earlier. There is no information on a patch or remediation level at this time.
Potential Impact
Attackers with global Item/Configure permission can enumerate credential IDs, potentially exposing sensitive credential references within Jenkins. This could aid further attacks if combined with other vulnerabilities or misconfigurations. However, the vulnerability does not grant direct access to credential secrets or allow modification of jobs without proper permissions.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict global Item/Configure permissions to trusted users only to limit exposure.
CVSS v3.1
Score: 4.3 (Medium)
Technical Details
- Data Version: 5.2
- Assigner Short Name: jenkins
- Date Reserved: 2026-06-24T08:41:44.358Z
- CVSS Version: null
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a3be195eed863c81eeb98fb
Added to database: 06/24/2026, 13:54:29 UTC
Last enriched: 06/24/2026, 14:11:20 UTC
Last updated: 06/24/2026, 18:34:31 UTC