4.3
CVE-2026-57287
- EPSS 0.13%
- Veröffentlicht 24.06.2026 13:20:08
- Zuletzt bearbeitet 26.06.2026 19:09:34
- Quelle jenkinsci-cert@googlegroups.co
- CVE-Watchlists
- Unerledigt
Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jenkins ≫ Job Configuration History SwPlatformjenkins Version <= 1356.ve360da_6c523a
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.03 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-312 Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3742