CVE-2026-57282 - CERT CVE
ID CVE-2026-57282
Sažetak Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name of a build's working directory to execute arbitrary operating system commands on the agent.
Reference
CVSS
Base: 5.0
Impact: 3.4
Exploitability:1.6
Pristup
VektorSloženostAutentikacija
NETWORK HIGH LOW
Impact
PovjerljivostCjelovitostDostupnost
LOW LOW LOW
CVSS vektor CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Zadnje važnije ažuriranje 26-06-2026 - 20:20
Objavljeno 24-06-2026 - 14:17