Cleartext storage of sensitive information in Job Configuration History - CVE-2026-57287

 

Published: June 29, 2026


Vulnerability identifier: #VU135727
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-57287
CWE-ID: CWE-312
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Jenkins
Affected software:
Job Configuration History

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the affected plugin does not redact the encrypted values of secrets when displaying historical job and agent configurations through its "View as XML" / "(RAW)" feature and its configuration diff views. A remote user can view encrypted secret values on the system.
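The following added example (not code from the plugin or the vendor) shows what redaction of a historical configuration looks like and reports which elements held an encrypted secret. It assumes the `{base64}` form Jenkins uses for serialised encrypted secrets; the sample XML, its element names and the `REDACTED` placeholder are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Jenkins serialises an encrypted secret as base64 wrapped in braces.
ENCRYPTED_SECRET = re.compile(r"^\{[A-Za-z0-9+/]{20,}={0,2}\}$")
XML_DECLARATION = re.compile(r"^\s*<\?xml[^>]*\?>")
REDACTED = "********"  # placeholder chosen for this example

# Constructed sample of a historical job configuration (not from a real system).
SAMPLE_HISTORY_XML = """<?xml version='1.1' encoding='UTF-8'?>
<project>
  <description>nightly build</description>
  <builders>
    <hudson.tasks.Shell><command>make test</command></hudson.tasks.Shell>
  </builders>
  <buildWrappers>
    <example.DeployWrapper>
      <user>deploy</user>
      <token>{AQAAABAAAAAQx0Zk3mV5c2FtcGxlLWNvbnN0cnVjdGVkLXZhbHVl}</token>
    </example.DeployWrapper>
  </buildWrappers>
</project>"""


def redact_secrets(xml_text):
    """Return (redacted_xml, paths); paths lists elements that held a secret."""
    # Jenkins writes an XML 1.1 declaration, which the expat-based parser in
    # the standard library does not accept, so drop the declaration first.
    root = ET.fromstring(XML_DECLARATION.sub("", xml_text, count=1))
    paths = []

    def walk(elem, parent_path):
        here = f"{parent_path}/{elem.tag}"
        if elem.text and ENCRYPTED_SECRET.match(elem.text.strip()):
            elem.text = REDACTED       # never echo the encrypted value itself
            paths.append(here)
        for child in elem:
            walk(child, here)

    walk(root, "")
    return ET.tostring(root, encoding="unicode"), paths


if __name__ == "__main__":
    redacted, hits = redact_secrets(SAMPLE_HISTORY_XML)
    for path in hits:
        print("encrypted secret at", path)
    print(redacted)
```

The reported paths identify which stored configurations carried secret values without printing the values themselves.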


How to mitigate CVE-2026-57287

Install updates from the vendor's website.

Sources