SB2026062952 - Cleartext storage of sensitive information in Jenkins Job Configuration History plugin




Published: June 29, 2026

Security Bulletin ID SB2026062952
CSH Severity Medium
Patch available YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Cleartext storage of sensitive information (CVE-ID: CVE-2026-57287)

CWE-ID: CWE-312 - Cleartext Storage of Sensitive Information

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the affected plugin does not redact the encrypted values of secrets when displaying historical job and agent configurations through its "View as XML" / "(RAW)" feature and its configuration diff views. A remote user can view encrypted secret values on the system.
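
The following Python example is added here and is not the plugin's or the vendor's code: it masks encrypted secret values in a stored configuration XML before the text is shown raw or diffed, and reports where they were found. It assumes secrets appear in the brace-wrapped Base64 form Jenkins writes for secret fields; the sample configurations, the `hypothetical.Builder` element and the function names are constructed for illustration.

```python
import difflib
import re
import xml.etree.ElementTree as ET

# Assumption: encrypted secrets are brace-wrapped Base64 text in the config XML.
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/]{16,}={0,2}\}$")
MASK = "********"

def redact_config(xml_text):
    """Return (redacted_xml, paths of elements/attributes that held encrypted values)."""
    # Drop any XML declaration so the parser only sees the document element.
    root = ET.fromstring(re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text))
    found = []

    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        if elem.text and ENCRYPTED.match(elem.text.strip()):
            elem.text = MASK
            found.append(here)
        for name, value in list(elem.attrib.items()):
            if ENCRYPTED.match(value.strip()):
                elem.set(name, MASK)
                found.append(f"{here}/@{name}")
        for child in elem:
            walk(child, here)

    walk(root, "")
    return ET.tostring(root, encoding="unicode"), found

def redacted_diff(old_xml, new_xml):
    """Unified diff of two config versions, computed only on redacted text."""
    old = redact_config(old_xml)[0].splitlines()
    new = redact_config(new_xml)[0].splitlines()
    return list(difflib.unified_diff(old, new, "old", "new", lineterm=""))

# Constructed sample history entries (hypothetical builder, fake secret values).
OLD_CONFIG = """<project>
  <description>build</description>
  <builders>
    <hypothetical.Builder>
      <password>{AQAAABAAAAAQc2FtcGxlLW5vdC1hLXJlYWwtc2VjcmV0}</password>
    </hypothetical.Builder>
  </builders>
</project>"""
NEW_CONFIG = OLD_CONFIG.replace("build<", "nightly build<").replace("c2Ft", "b3Ro")

if __name__ == "__main__":
    print(redact_config(OLD_CONFIG)[1])
    print("\n".join(redacted_diff(OLD_CONFIG, NEW_CONFIG)))
```

Because both versions are masked to the same placeholder, a change to the secret itself does not appear in the diff; only the non-secret edits do.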


Remediation

Install the update from the vendor's website.