CVE-2026-48925
MEDIUMJenkins GitHub Integration Plugin < 0.7.3 - Cross-Site Request Forgery (CSRF)
Title source: ruleDescription
A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and earlier allows attackers to attackers to trigger a build for a pull request.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
Jenkins Security Advisory 2026-05-27
https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3776
Scores
CVSS v3
4.3
EPSS
0.0011
EPSS Percentile
1.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-352
Status
published
Products (2)
Jenkins Project/Jenkins GitHub Integration Plugin
< 0.7.3
kostyasha/github_integration
< 0.7.4
Published
May 27, 2026
Tracked Since
May 27, 2026