cvedb.io
CVE-2025-64132
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2025-10-29T14:15:57.310 · Last modified 2026-06-17T09:53:53.093

Summary

Jenkins MCP Server Plugin 0.84.v50ca_24ef83f2 and earlier does not perform permission checks in multiple MCP tools, allowing attackers to trigger builds and obtain information about job and cloud configuration they should not be able to access.

Affected products

jenkins — mcp_server

Does this affect you?

Add your gear to cvedb and we'll alert you only when jenkins ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.