{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T13:51:11.595","vulnerabilities":[{"cve":{"id":"CVE-2026-33002","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2026-03-18T16:16:28.187","lastModified":"2026-03-21T00:18:44.090","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS 2.541.2 (both inclusive) performs origin validation of requests made through the CLI WebSocket endpoint by computing the expected origin for comparison using the Host or X-Forwarded-Host HTTP request headers, making it vulnerable to DNS rebinding attacks that allow bypassing origin validation."},{"lang":"es","value":"Jenkins 2.442 hasta 2.554 (ambos inclusive), LTS 2.426.3 hasta LTS 2.541.2 (ambos inclusive) realiza la validación de origen de las solicitudes realizadas a través del endpoint WebSocket de la CLI calculando el origen esperado para la comparación utilizando los encabezados de solicitud HTTP Host o X-Forwarded-Host, lo que lo hace vulnerable a ataques de revinculación de DNS (DNS rebinding) que permiten eludir la validación de origen."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-350"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","versionStartIncluding":"2.426.3","versionEndExcluding":"2.541.3","matchCriteriaId":"B3638046-C2A7-4BEF-95E1-6E5C493DAA39"},{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*","versionStartIncluding":"2.442","versionEndExcluding":"2.555","matchCriteriaId":"7C72BD61-34BC-4609-9019-4C342792D538"}]}]}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-03-18/#SECURITY-3674","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]}]}}]}