PT-2026-51813 · Jenkins · Jenkins Assembla Auth Plugin

Published

2026-06-24

Updated

2026-06-24

CVE-2026-57303

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers able to control the responses of the configured Assembla server to extract secrets from the Jenkins controller or perform server-side request forgery.

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2026-57303

Affected Products

Jenkins Assembla Auth Plugin

PT-2026-51813 · Jenkins · Jenkins Assembla Auth Plugin

CVE-2026-57303

Weakness Enumeration

Related Identifiers

Affected Products

References · 2