Primary

Context

Jenkins MCP Server Plugin Missing Permission Checks Vulnerability

Vulnerability

Patched

A vulnerability exists in the Jenkins MCP Server Plugin in versions through 0.84.v50ca_24ef83f2, where permission checks are not properly enforced in several MCP tools. This oversight allows attackers to trigger builds and access job and cloud configuration information that should be restricted.

Impact

Exploitation of this vulnerability could lead to unauthorized access to job and cloud configuration details, as well as the ability to trigger builds on behalf of the user.

Remediation

Users of the MCP Server Plugin should update to version 0.86.v7d3355e6a_a_18, which includes the necessary permission checks for the affected MCP tools.

Added: Oct 29, 2025, 2:35 PM

Updated: Oct 29, 2025, 2:35 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

3.1

exploitability

4.9

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

3.1

exploitability

4.9

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Jenkins MCP Server Plugin Missing Permission Checks Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Jenkins SAML Plugin

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating