{"id":"CVE-2026-48925","details":"A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and earlier allows attackers to attackers to trigger a build for a pull request.","aliases":["GHSA-rf8w-7c3g-7h3g"],"modified":"2026-07-15T06:10:26.306811Z","published":"2026-05-27T15:16:32.190Z","references":[{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3776"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kostyasha/github-integration-plugin","events":[{"introduced":"0"},{"fixed":"6b4ee60d7bb2d4f0fcfa75c9f11ae029211fb2c5"}],"database_specific":{"source":"CPE_RANGE","cpe":"cpe:2.3:a:kostyasha:github_integration:*:*:*:*:*:jenkins:*:*","extracted_events":[{"introduced":"0"},{"fixed":"0.7.4"}]}}],"versions":["0.7.3","github-integration-parent-0.7.2","0.7.1","0.7.0","github-integration-parent-0.6.1","0.6.0","0.5.0","0.4.0","0.3.0","0.2.8","0.2.7","0.2.6","0.2.5","0.2.4","0.2.3","0.2.2","0.2.1","0.2.0","0.2.0-rc-2","0.2.0-rc-1","0.2.0-alpha-3","0.2.0-alpha-2","0.2.0-alpha-1","0.1.0-rc29","0.1.0-rc28","0.1.0-rc27","0.1.0-rc26","0.1.0-rc25","0.1.0-rc24","0.1.0-rc23","0.1.0-rc22","0.1.0-rc21","0.1.0-rc20","0.1.0-rc19","0.1.0-rc18","0.1.0-rc17","0.1.0-rc16","0.1.0-rc15","0.1.0-rc14","0.1.0-rc13","0.1.0-rc12","0.1.0-rc11","0.1.0-rc10","0.1.0-rc9","0.1.0-rc8","github-integration-parent-0.1.0-rc7","github-integration-parent-0.1.0-rc6","github-integration-parent-0.0.1-rc5","github-integration-parent-0.0.1-rc4","github-integration-parent-0.0.1-rc3","github-integration-parent-0.0.1-rc2","github-integration-parent-0.0.1-rc1","github-integration-parent-0.0.1-beta17","github-integration-parent-0.0.1-beta16","github-pullrequest-0.0.1-beta14","github-pullrequest-0.0.1-beta13","github-pullrequest-0.0.1-beta12","github-pullrequest-0.0.1-beta11","github-pullrequest-0.0.1-beta10","github-pullrequest-0.0.1-beta9","github-pullrequest-0.0.1-beta8","github-pullrequest-0.0.1-beta7","github-pullrequest-0.0.1-beta6","github-pullrequest-0.0.1-beta5","github-pullrequest-0.0.1-beta4","github-pullrequest-0.0.1-beta3","github-pullrequest-0.0.1-beta2","github-pullrequest-0.0.1-beta1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-48925.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}]}