An MCP server for interacting with a Jenkins server. Allows you to trigger jobs, check build statuses, and manage your Jenkins instance through MCP.
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"jenkins": {
"env": {
"JENKINS_URL": "http://your-jenkins-server:8080",
"JENKINS_USER": "your-username",
"JENKINS_API_TOKEN": "your-api-token"
},
"command": "jenkins-mcp"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
An enterprise-grade MCP (Model Context Protocol) server for seamless Jenkins CI/CD integration. Enables AI assistants like Claude to interact with Jenkins through a comprehensive, production-ready API.
This server supports HTTP transport. Be the first to test it — help the community know if it works.
Five weighted categories — click any category to see the underlying evidence.
MCP Python SDK: WebSocket server transport does not support Host/Origin validation
### Summary In affected versions, the deprecated WebSocket server transport (`mcp.server.websocket.websocket_server`) accepted the WebSocket handshake without applying any `Host` or `Origin` header validation. The `TransportSecuritySettings` mechanism that the SSE and Streamable HTTP transports use for this purpose was not wired into the WebSocket transport, so there was no SDK-level way to restrict which origins could connect. ### Am I affected? Only if a developer's application server exposes
MCP Python SDK: HTTP transports serve session requests without verifying the authenticated principal
### Summary In affected versions, the SSE and Streamable HTTP server transports routed incoming requests to an existing session based only on the session identifier, without verifying that the request was authenticated as the same principal that created the session. Anyone who learned or guessed a session ID could send JSON-RPC messages on that session, regardless of which bearer token the request carried. ### Am I affected? Only if a developer's application server uses an HTTP transport (SSE,
MCP Python SDK: Experimental task handlers allow any client to access and cancel other clients' tasks
### Summary In affected versions, the default request handlers installed by the experimental tasks feature (`server.experimental.enable_tasks()`) did not check which session created a task before acting on it. On a server with more than one connected client, any client could observe, read results from, and cancel tasks belonging to other clients. ### Am I affected? Only if the developer's application server calls `server.experimental.enable_tasks()`. If `grep -r enable_tasks` over their codebas
Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default
### Description The Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using `FastMCP` with streamable HTTP or SSE transport, and has not configured `TransportSecuritySettings`, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or ac
MCP Python SDK vulnerability in the FastMCP Server causes validation error, leading to DoS
A validation error in the MCP SDK can cause an unhandled exception when processing malformed requests, resulting in service unavailability (500 errors) until manually restarted. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Thank you to Rich Harang for reporting this issue.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in devops
MCP server for using the GitLab API
MCP Server for kubernetes management commands
MCP server for Dynatrace Managed to access logs, events, and metrics.
MCP server for no-payment x402 surface triage, 402 Index health checks, and paid review handoff.
MCP Security Weekly
Get CVE alerts and security updates for Jenkins Mcp Server and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
An enterprise-grade MCP (Model Context Protocol) server for seamless Jenkins CI/CD integration. Enables AI assistants like Claude to interact with Jenkins through a comprehensive, production-ready API.
# Global installation
npm install -g @ashwinighuge/jenkins-mcp-server
# Or use directly with npx
npx @ashwinighuge/jenkins-mcp-server --help
Add to your claude_desktop_config.json:
{
"mcpServers": {
"jenkins": {
"command": "jenkins-mcp",
"env": {
"JENKINS_URL": "http://your-jenkins-server:8080",
"JENKINS_USER": "your-username",
"JENKINS_API_TOKEN": "your-api-token"
}
}
}
}
# Install globally for system-wide access
npm install -g @ashwinighuge/jenkins-mcp-server
# Verify installation
jenkins-mcp --help
# Clone the repository
git clone https://github.com/AshwiniGhuge3012/jenkins-mcp-server
cd jenkins-mcp-server
# Install Node.js dependencies
npm install
# Install Python dependencies
pip install -r requirements.txt # or use uv pip install
# Run locally
node bin/jenkins-mcp.js --help
Create a .env file in your working directory:
# Required Jenkins Configuration
JENKINS_URL="http://your-jenkins-server:8080"
JENKINS_USER="your-username"
JENKINS_API_TOKEN="your-api-token"
# Optional: Server Configuration
MCP_PORT=8010
MCP_HOST=0.0.0.0
# Optional: Retry Configuration
JENKINS_MAX_RETRIES=3
JENKINS_RETRY_BASE_DELAY=1.0
JENKINS_RETRY_MAX_DELAY=60.0
JENKINS_RETRY_BACKOFF_MULTIPLIER=2.0
# Optional: Performance Cache Configuration
JENKINS_CACHE_STATIC_TTL=3600 # 1 hour
JENKINS_CACHE_SEMI_STATIC_TTL=300 # 5 minutes
JENKINS_CACHE_DYNAMIC_TTL=30 # 30 seconds
JENKINS_CACHE_SHORT_TTL=10 # 10 seconds
JENKINS_CACHE_STATIC_SIZE=1000 # Max cached items
JENKINS_CACHE_SEMI_STATIC_SIZE=500
JENKINS_CACHE_DYNAMIC_SIZE=200
JENKINS_CACHE_PERMANENT_SIZE=2000
JENKINS_CACHE_SHORT_SIZE=100