PT-2025-44281 · Jenkins · Jenkins Mcp Server Plugin
Kevin Guerroudj · Published 2025-10-29 · Updated 2025-12-22
CVE-2025-64132
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins MCP Server Plugin versions 0.84.v50ca 24ef83f2 and earlier
Description
The Jenkins MCP Server Plugin does not properly enforce permission checks in several MCP tools. This allows attackers to initiate builds and access sensitive job and cloud configuration details that they are not authorized to view.
Recommendations
Update Jenkins MCP Server Plugin to a version later than 0.84.v50ca 24ef83f2.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Mcp Server Plugin