CVE-2026-42523

Vulnerability Description

Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting (XSS) vulnerability exploitable by non-anonymous attackers with Overall/Read permission.

Vulnerability Details

Published Date

April 29, 2026

Last Modified

April 29, 2026

Source

NVD

Vendor

Jenkins Project

Product

Jenkins GitHub Plugin

External References

https://www.jenkins.io/security/advisory/2026-04-29/#SECURITY-3704

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment