Home

Description

Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller.

PUBLISHED Reserved 2026-06-24 | Published 2026-06-24 | Updated 2026-06-24 | Assigner jenkins

Product status

Default status
unknown

Any version
affected

References

www.jenkins.io/security/advisory/2026-06-24/ (Jenkins Security Advisory 2026-06-24) vendor-advisory

cve.org (CVE-2026-57301)

nvd.nist.gov (CVE-2026-57301)

Download JSON