CVE-2026-57287 | Jenkins Job Configuration History Plugin 1356.ve360da_6c523a… | CVSS 4.3 MEDIUM

Description

Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted.

Metadata

CVE ID: CVE-2026-57287
State: PUBLISHED
Assigner: jenkins
Reserved: 2026-06-24 08:41 UTC
Published: 2026-06-24 13:20 UTC
Last updated: 2026-06-24 14:12 UTC
Primary CWE: CWE-312
CWE-312 Cleartext Storage of Sensitive Information
Vendor / Product: Jenkins Project / Jenkins Job Configuration History Plugin
Sources: cve.org · NVD

Severity & Metrics

4.3 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Jenkins Project	Jenkins Job Configuration History Plugin	—	0 ≤ 1356.ve360da_6c523a_

Weakness (CWE)

CWE	Source	Description
CWE-312	adp	CWE-312 Cleartext Storage of Sensitive Information

CVSS scores (1)

Score	Severity	Version	Source	Vector
4.3	MEDIUM	3.1	adp	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References (1)

Jenkins Security Advisory 2026-06-24 https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3742