CVE-2026-57287
MEDIUMJenkins Job Configuration History Plugin - Cleartext Storage of Sensitive Information
Title source: ruleDescription
Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
Jenkins Security Advisory 2026-06-24
https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3742
Scores
CVSS v3
4.3
EPSS
0.0013
EPSS Percentile
3.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-312
Status
published
Products (2)
jenkins/job_configuration_history
< 1356.ve360da_6c523a
Jenkins Project/Jenkins Job Configuration History Plugin
< 1356.ve360da_6c523a_
Published
Jun 24, 2026
Tracked Since
Jun 24, 2026