PT-2026-35917 · Jenkins · Github Plugin

Dqh1 · Published 2026-04-29 · Updated 2026-05-05 · CVE-2026-42523

CVSS v3.1: 9.0 Critical
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Plugin versions prior to 1.46.1

Description: Improper handling (insufficient escaping) of the current job URL in the JavaScript used to validate the "GitHub hook trigger for GITScm polling" option allows authenticated attackers with Overall/Read permission to perform a stored cross-site scripting (XSS) attack. XSS is a flaw in which attacker-controlled script is injected into a trusted site and executed in the browsers of other users; here the script runs in the session of any Jenkins user who opens the affected page, which is why the vector carries UI:R and a changed scope (S:C).

Recommendations: Update GitHub Plugin to version 1.46.1 or later.
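Added illustration of the bug class described above, not the GitHub Plugin's own code and not an exploit for this CVE: a job URL interpolated into server-generated JavaScript without escaping, shown beside a hardened variant. The inline-script template, the function names (`validateHookTrigger`, `buildValidationScript*`, `jsStringLiteral`) and both sample job URLs are constructed for this example.

```javascript
// Added illustration of the bug class in the advisory above: a job URL embedded in
// server-generated JavaScript without escaping. This is NOT the GitHub Plugin's code;
// the template, function names and sample URLs are constructed for the example.

// Vulnerable pattern (assumed template): the raw job URL is concatenated into an
// inline script. A URL containing a quote or "</script>" escapes the string literal
// and the script element, so whatever follows runs in every viewer's browser.
function buildValidationScriptUnsafe(jobUrl) {
  return "<script>validateHookTrigger('" + jobUrl + "/ghook-validate');</script>";
}

// Hardened pattern: emit the value as a JSON string literal (quotes, backslashes and
// control characters become escapes), then also escape '<', '>' and the JS line
// terminators U+2028/U+2029 so the literal can never close the <script> element or
// break JavaScript parsing. JSON.parse() still decodes it to the original string.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

function buildValidationScriptSafe(jobUrl) {
  return "<script>validateHookTrigger(" + jsStringLiteral(jobUrl + "/ghook-validate") + ");</script>";
}

// Check used below: count <script / </script boundaries in the generated markup.
// The template itself contributes exactly two; anything more came from the input.
function scriptBoundaryCount(html) {
  return (html.match(/<\/?script/gi) || []).length;
}

// Constructed sample inputs: a benign job URL and one carrying a script-context payload
// of the shape that makes stored XSS possible when escaping is missing.
const BENIGN_JOB_URL = "/job/team-api";
const CRAFTED_JOB_URL = "/job/x');alert(document.domain);//</script><script>";

// Returns true when the crafted URL adds script boundaries to the unsafe output but not
// to the hardened output, i.e. when the hardening actually neutralises the payload.
function hardeningNeutralisesPayload() {
  const unsafe = scriptBoundaryCount(buildValidationScriptUnsafe(CRAFTED_JOB_URL));
  const safe = scriptBoundaryCount(buildValidationScriptSafe(CRAFTED_JOB_URL));
  return unsafe > 2 && safe === 2;
}

if (typeof require !== "undefined" && require.main === module) {
  console.log("unsafe:", buildValidationScriptUnsafe(CRAFTED_JOB_URL));
  console.log("safe:  ", buildValidationScriptSafe(CRAFTED_JOB_URL));
  console.log("hardening neutralises payload:", hardeningNeutralisesPayload());
}
```

The same check applies to any value a Jenkins view writes into a script block: if the value reaches the page through string concatenation rather than a JSON/JavaScript-literal encoder, a name or URL that a low-privileged user can influence becomes a stored XSS sink for every user who renders the page.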

Fix · XSS


Weakness Enumeration

Related Identifiers

BDU:2026-06411
CVE-2026-42523
GHSA-W22P-4X9F-486V

Affected Products

Github Plugin
Jenkins