Permission Check Flaw in Jenkins Affects User Privacy Settings
CVE-2026-53439

4.3MEDIUM

Key Information:

Vendor

Jenkins

Status
Vendor
CVE Published:
10 June 2026

What is CVE-2026-53439?

Jenkins versions 2.567 and earlier, as well as LTS versions 2.555.2 and earlier, have a critical design oversight where missing permission checks allow attackers with Overall/Read permission to access sensitive user configuration details. This includes the ability to determine other users’ configured timezones and enumerate the names of their saved views within the 'My Views' section. Such exposure can facilitate privacy breaches and lead to targeted attacks.

Affected Version(s)

Jenkins 2.568

Jenkins 2.568

Jenkins 2.555.3 < 2.555.*

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.