CVE-2026-57287

MEDIUM

Jenkins Job Configuration History Plugin - Cleartext Storage of Sensitive Information

Title source: rule
STIX 2.1

Description

Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory
Jenkins Security Advisory 2026-06-24
https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3742

Scores

CVSS v3 4.3
EPSS 0.0013
EPSS Percentile 3.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-312
Status published
Products (2)
jenkins/job_configuration_history < 1356.ve360da_6c523a
Jenkins Project/Jenkins Job Configuration History Plugin < 1356.ve360da_6c523a_
Published Jun 24, 2026
Tracked Since Jun 24, 2026