{"id":"CVE-2026-57286","details":"A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca_ and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata.","modified":"2026-07-15T06:10:12.025497Z","published":"2026-06-24T14:17:34.707Z","references":[{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3745"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/git-parameter-plugin","events":[{"introduced":"0"},{"last_affected":"dcf3df2ed2cae73acf8e5a8afad1359666dd1d65"}],"database_specific":{"cpe":"cpe:2.3:a:jenkins:git_parameter:*:*:*:*:*:jenkins:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"462.vdcf3df2ed2ca"}],"source":"CPE_RANGE"}}],"versions":["462.vdcf3df2ed2ca_","460.v71e7583a_c099","444.vca_b_84d3703c2","439.vb_0e46ca_14534","435.va_f85861c663a_","git-parameter-0.11.0","git-parameter-0.10.0","git-parameter-0.9.19","git-parameter-0.9.18","git-parameter-0.9.17","git-parameter-0.9.16","git-parameter-0.9.15","git-parameter-0.9.14","git-parameter-0.9.11","git-parameter-0.9.10","git-parameter-0.9.9","git-parameter-0.9.8","git-parameter-0.9.7","git-parameter-0.9.6","git-parameter-0.9.5","git-parameter-0.9.4","git-parameter-0.9.3","git-parameter-0.9.2","git-parameter-0.9.1","git-parameter-0.9.0","git-parameter-0.8.1","git-parameter-0.8.0","git-parameter-0.7.2","git-parameter-0.7.1","git-parameter-0.7.0","git-parameter-0.6.2","git-parameter-0.6.1","git-parameter-0.6.0","git-parameter-0.5.1","git-parameter-0.5.0","git-parameter-0.4","git-parameter-0.3.2","git-parameter-0.3.1","git-parameter-0.3","0.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-57286.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}