CVE-2026-57287

Summary

Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins Job Configuration History Plugin0 <= 1356.ve360da_6c523a_affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References