Permission Check Flaw in Jenkins Affects User Privacy Settings
CVE-2026-53439
4.3MEDIUM
What is CVE-2026-53439?
Jenkins versions 2.567 and earlier, as well as LTS versions 2.555.2 and earlier, have a critical design oversight where missing permission checks allow attackers with Overall/Read permission to access sensitive user configuration details. This includes the ability to determine other users’ configured timezones and enumerate the names of their saved views within the 'My Views' section. Such exposure can facilitate privacy breaches and lead to targeted attacks.
Affected Version(s)
Jenkins 2.568
Jenkins 2.568
Jenkins 2.555.3 < 2.555.*