← All CVEs

CVE-2026-57287

MEDIUM 4.3

Published 2026-06-24 · Last modified 2026-06-24

Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted.

NO EXPLOITATION SIGNALS

No known exploitation, public exploit, or elevated probability at this time. Track for changes.

Exploitation likelihood

0.1%chance of exploitation in 30 days · 3rd percentile

○ In CISA KEV ○ Public exploit / PoC

Impact if exploited

4.3CVSS 3.1 · MEDIUM

  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityNone

What an attacker needs

  • Access: Reachable over the network — no local access needed
  • Privileges: Requires a low-privilege account
  • User interaction: No user interaction needed
  • Complexity: No special conditions — reliably repeatable

✓ lowers the bar for an attacker · ⚠ raises it

Affected

Vendors Jenkins Project

Products Jenkins Job Configuration History Plugin

Weakness (CWE)

  • CWE-312

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Sources: NVD · CVE.org · EPSS