CVE-2026-57287

Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted.

Configurations

Configuration 1

cpe:2.3:a:jenkins:job_configuration_history:*:*:*:*:*:jenkins:*:*

History

26 Jun 2026, 19:09

| Type | Values Removed | Values Added |
|---|---|---|
| References | https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3742 | https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3742 - Vendor Advisory |
| CPE | | cpe:2.3:a:jenkins:job_configuration_history:*:*:*:*:*:jenkins:*:* |
| First Time | | Jenkins; Jenkins job Configuration History |

24 Jun 2026, 15:16

| Type | Values Removed | Values Added |
|---|---|---|
| CWE | | CWE-312 |
| CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 4.3 |

24 Jun 2026, 14:17

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2026-06-24 14:17

Updated : 2026-06-26 19:09


NVD link : CVE-2026-57287

Mitre link : CVE-2026-57287

CVE.ORG link : CVE-2026-57287

Products Affected

jenkins

  • job_configuration_history

CWE

CWE-312

Cleartext Storage of Sensitive Information