{"id":"CVE-2026-57284","details":"Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps.","modified":"2026-07-15T06:10:10.560847Z","published":"2026-06-24T14:17:34.363Z","references":[{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3677"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/workflow-cps-plugin","events":[{"introduced":"0"},{"last_affected":"9d06ed4658ff2015198a895abf8684062bc4c4f1"}],"database_specific":{"cpe":"cpe:2.3:a:jenkins:pipeline\\:_groovy:*:*:*:*:*:jenkins:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"4331.v9d06ed4658ff"}],"source":"CPE_RANGE"}}],"versions":["4331.v9d06ed4658ff","4315.va_e456c4e7f4f","4303.v8fa_2a_581f0a_6","4285.v8df38f05c3c5","4275.vb_0565eb_a_3d36","4263.vd2edf31c1db_0","4262.va_74628df1ff2","4261.va_1fa_c7e4db_da_","4259.vf653c2b_8a_b_69","4258.v55f7f1691526","4257.vb_2e202808577","4256.v991a_f1991c03","4255.vd9c37f80fd8a_","4254.v0c8e228524ea_","4253.vc894cd5750c6","4252.v465f588eb_52f","4250.v2eecc0881a_e6","4238.va_6fb_65c1f699","4218.vff679a_5c0f3a_","4209.v83c4e257f1e9","4204.v2894b_cd7b_92f","4183.v94b_6fd39da_c1","4177.vb_203fe395445","4175.ve65b_fa_663eed","4173.v4a_1fd14533f1","4169.vb_7e492a_1c7b_e","4168.v7ea_f89c358b_d","4165.vf547819734da_","4151.v5406e29e3c90","4150.ve20ca_b_a_a_2815","4106.v7a_8a_8176d450","4146.v475b_8013e282","4117.vc0f3c515a_a_a_0","4080.va_15b_44a_91525","4050.v8b_a_69b_587c39","4046.v90b_1b_9edec67","4045.v0efb_cb_7cea_e9","4043.va_fb_de6a_a_8b_f5","4039.vd58c465ea_71a_","4032.vf3248d9c3fee","4030.v7c3a_975886a_8","4018.vf02e01888da_f","4014.vcd7dc51d8b_30","4011.v91e9951fa_d5b_","4009.v0089238351a_9","4007.vd705fc76a_34e","4003.vf9c56141493e","4002.v80ca_d0f47d7f","4000.v5198556e9cea_","3996.va_f5c1799f978","3993.v3e20a_37282f8","3975.v567e2a_1ffa_22","3990.vd281dd77a_388","3908.vd6b_b_5a_a_54010","3969.vdc9d3a_efcc6a_","3964.v0767b_4b_a_0b_fa_","3961.ve48ee2c44a_b_3","3953.v19f11da_8d2fa_","3946.v7935cb_edb_f82","3943.v3519a_3260660","3922.va_f73b_7c4246b_","3903.v48a_8836749e9","3894.vd0f0248b_a_fc4","3889.v937e0b_3412d3","3883.vb_3ff2a_e3eea_f","3880.vb_ef4b_5cfd270","3867.v535458ce43fd","3859.v7f65cc865019","3853.vb_a_490d892963","3837.v305192405b_c0","3835.vc2a_8f9167e92","3832.vc43e04d6d68c","3826.v3b_5707fe44da_","3821.v9d3888c583b_1","3817.vd20b_7e2b_692b_","3812.vc3031a_b_a_c955","3806.va_3a_6988277b_2","3805.v769b_b_74b_db_14","3802.vd42b_fcf00b_a_c","3793.v65dec41c3a_c3","3791.va_c0338ea_b_59c","3787.v8f5dcd14a_fa_c","3785.vee73da_b_9544e","3774.v4a_d648d409ce","3773.v505e0052522c","3769.v8b_e595e4d40d","3767.vdd3e0a_65b_ef3","3744.v6f2c0fe0e54d","3740.v6d35b_4ed5f9f","3732.vb_77c00a_57e12","3731.ve4b_5b_857b_a_d3","3697.vb_470e454c232","3728.vd5c88eef9154","3726.v83f8cff396c9","3722.v85ce2a_c6240b_","3717.va_180a_fe9d3cd","3713.vd671d4321509","3705.va_6a_c2775a_c17","3693.vd5c06270e4dc","3691.v28b_14c465a_b_b_","3673.v5b_dd74276262","3668.v1763b_b_6ccffd","3659.v582dc37621d8","3653.v07ea_433c90b_4","3651.ve2e99a_4f4a_e5","3641.vf58904a_b_b_5d8","3637.v63b_c17e0ed5b_","3635.vedb_8602eefa_c","3629.v8177e69e359a_","3626.v4eb_a_7d8b_2fa_4","3624.v43b_a_38b_62b_b_7","3611.v201b_d9f9eb_f7","3618.v13db_a_21f0fcf","3616.vb_2e7168f4b_0c","3606.v0b_d8b_e512dcf","3601.v9b_36a_d99e1cc","3583.v4f58de0d78d5","3581.v2b_e4c99c76ed","3565.v4b_d9b_8c29a_b_3","3536.vb_8a_6628079d5","2729.vea_17b_79ed57a_","3520.va_8fc49e2f96f","2802.v5ea_628154b_c2","2746.v0da_83a_332669","2759.v87459c4eea_ca_","2801.vf82a_b_b_e3e8a_5","2784.vd252824b_4eb_9","2660.vb_c0412dc4e6d","2725.v7b_c717eb_12ce","2710.vcd48b_b_9e0e7d","2706.v71dd22b_c5a_a_2","2705.v0449852ee36f","2692.v76b_089ccd026","2689.v434009a_31b_f1","2683.vd0a_8f6a_1c263","2688.v39a_b_e5c49a_65","2687.v3f09155513c1","2686.v7c37e0578401","2682.va_473dcddc941","2680.vf642ed4fa_d55","2659.v52d3de6044d0","2656.vf7a_e7b_75a_457","2648.va9433432b33c","2646.v6ed3b5b01ff1","2644.v29a793dac95a","2640.v00e79c8113de","2633.v6baeedc13805","workflow-cps-2.94","workflow-cps-2.93","workflow-cps-2.92","workflow-cps-2.91","workflow-cps-2.90","workflow-cps-2.89","workflow-cps-2.88","workflow-cps-2.87","workflow-cps-2.86","workflow-cps-2.85","workflow-cps-2.84","workflow-cps-2.83","workflow-cps-2.82","workflow-cps-2.81","workflow-cps-2.80","workflow-cps-2.79","workflow-cps-2.78","workflow-cps-2.77","workflow-cps-2.76","workflow-cps-2.75","workflow-cps-2.74","workflow-cps-2.73","workflow-cps-2.72","workflow-cps-2.71","workflow-cps-2.70","workflow-cps-2.69","workflow-cps-2.68","workflow-cps-2.67","workflow-cps-2.66","workflow-cps-2.65","workflow-cps-2.64","workflow-cps-2.63","workflow-cps-2.62","workflow-cps-2.61","workflow-cps-2.60","workflow-cps-2.59","workflow-cps-2.58","workflow-cps-2.58-beta-1","workflow-cps-2.57","workflow-cps-2.56","workflow-cps-2.55","workflow-cps-2.54","workflow-cps-2.53","workflow-cps-2.52","workflow-cps-2.51","workflow-cps-2.50","workflow-cps-2.49","workflow-cps-2.48","workflow-cps-2.47","workflow-cps-2.46","workflow-cps-2.45","workflow-cps-2.44","workflow-cps-2.43","workflow-cps-2.42","workflow-cps-2.41","workflow-cps-2.40","workflow-cps-2.39","workflow-cps-2.36","workflow-cps-2.35","workflow-cps-2.34","workflow-cps-2.33","workflow-cps-2.32","workflow-cps-2.31","workflow-cps-2.30","workflow-cps-2.29","workflow-cps-2.28","workflow-cps-2.27","workflow-cps-2.26","workflow-cps-2.25","workflow-cps-2.24","workflow-cps-2.23","workflow-cps-2.22","workflow-cps-2.21","workflow-cps-2.20","workflow-cps-2.19","workflow-cps-2.18","workflow-cps-2.17","workflow-cps-2.16","workflow-cps-2.15","workflow-cps-2.14","workflow-cps-2.13","workflow-cps-2.12","workflow-cps-2.11","workflow-cps-2.10","workflow-cps-2.9","workflow-cps-2.8","workflow-cps-2.7","workflow-cps-2.6","workflow-cps-2.5","workflow-cps-2.4","workflow-cps-2.3","workflow-cps-2.2","workflow-cps-2.1","workflow-cps-2.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-57284.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}]}