CVE-2026-57287_CVE-2026-57287

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Description

Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted.

Basic Information

ID CVE-2026-57287

Source jenkins

Published Jun 24, 2026 at 13:20

Modified Jun 24, 2026 at 14:12

Affected Product

Vendor Jenkins Project

Product Jenkins Job Configuration History Plugin

Affected Versions Jenkins Project Jenkins Job Configuration History Plugin 0

CWE Classification

CWE-312

References

www.jenkins.io /security/advisory/2026-06-24/

{
    "lastseen": "",
    "description": "Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted.",
    "published": "2026-06-24T13:20:08.138Z",
    "modified": "2026-06-24T14:12:42.211Z",
    "type": "cve",
    "title": "CVE-2026-57287",
    "source": "jenkins",
    "references": "https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3742",
    "id": "CVE-2026-57287",
    "bulletinFamily": "",
    "cwe": [
        "CWE-312"
    ],
    "cvelist": null,
    "sourceData": "Jenkins Project Jenkins Job Configuration History Plugin 0",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Jenkins Job Configuration History Plugin",
    "version": "0",
    "vendor": "Jenkins Project",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}