Jenkins Unauthenticated Access

critical Web App Scanning Plugin ID 114968

Synopsis

Jenkins Unauthenticated Access

Description

Jenkins is an open-source automation server used to automate various aspects of software development, including building, testing, and deploying application. If authentication is not enforced, an attacker can gain administrative access to Jenkins, potentially allowing for the execution of arbitrary code, theft of sensitive information, and full control over the CI/CD pipeline.

Solution

Authentication should be enforced to prevent unauthorized access to the Jenkins instance.

See Also

https://www.jenkins.io/doc/book/security/

Plugin Details

Severity: Critical

ID: 114968

Type: remote

Published: 9/26/2025

Updated: 9/26/2025

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: High

Score: 7.5

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Critical

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Critical

Base Score: 10

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CVSS Score Source: Tenable

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information