PT-2026-26074 · Cloudbees+2 · Jenkins+1

Babaucafor · Published 2026-03-18 · Updated 2026-05-24 · CVE-2026-33002

CVSS v2.0: 7.6 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Jenkins versions 2.442 through 2.554
Jenkins LTS versions 2.426.3 through 2.541.2

Description

The software does not properly validate the origin of requests made through the CLI WebSocket endpoint. It calculates the expected origin using the Host or X-Forwarded-Host HTTP request headers, which can be exploited through DNS rebinding attacks to bypass origin validation.

Recommendations

Update to a newer version than 2.554.
Update to a newer LTS version than 2.541.2.
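
The origin check described above, as an added example (not Jenkins code and not the actual fix): it contrasts an expected origin built from the Host or X-Forwarded-Host header with one taken from trusted configuration. The hostnames, function names and the configured-URL approach are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the administrator-configured canonical URL of the service.
CONFIGURED_ROOT_URL = "https://jenkins.corp.example/"

def _origin_tuple(url):
    """Normalise a URL or Origin value to (scheme, host, port); None if unusable."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    default = 443 if parts.scheme == "https" else 80
    return (parts.scheme, parts.hostname.lower(), port or default)

def header_derived_check(headers, scheme="http"):
    """Flawed pattern: the expected origin is built from request headers."""
    host = headers.get("X-Forwarded-Host") or headers.get("Host", "")
    expected = _origin_tuple(f"{scheme}://{host}")
    return expected is not None and _origin_tuple(headers.get("Origin", "")) == expected

def configured_origin_check(headers, root_url=CONFIGURED_ROOT_URL):
    """Hardened pattern: the expected origin comes from configuration only."""
    expected = _origin_tuple(root_url)
    return expected is not None and _origin_tuple(headers.get("Origin", "")) == expected

# Constructed sample handshake headers (not captured traffic).
LEGITIMATE = {"Host": "jenkins.corp.example", "Origin": "https://jenkins.corp.example"}
# Under DNS rebinding the browser sends the foreign page's name in both headers,
# so Host and Origin agree with each other even though neither is the real site.
REBOUND = {"Host": "rebind.example.test:8080", "Origin": "http://rebind.example.test:8080"}
NO_ORIGIN = {"Host": "jenkins.corp.example"}

if __name__ == "__main__":
    cases = (("legitimate", LEGITIMATE, "https"),
             ("rebound", REBOUND, "http"),
             ("no-origin", NO_ORIGIN, "https"))
    for name, req, scheme in cases:
        print(name, header_derived_check(req, scheme), configured_origin_check(req))
```

The header-derived check accepts the rebound request because it compares two values that the same client supplies; the configured check rejects it.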

Fix

Origin Validation Error


Weakness Enumeration

Related identifiers

BDU:2026-04249
BIT-JENKINS-2026-33002
CVE-2026-33002
GHSA-PHHV-63FH-RRC8

Affected products

Jenkins
Red Os