What is CVE-2026-57287?

CVE-2026-57287 is a medium-severity vulnerability in Jenkins Project Job Configuration History Plugin, classified under Cleartext Storage of Sensitive Information. CVSS score: 4.3/10. Published 2026-06-24.

How severe is CVE-2026-57287?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Vulnerability in Jenkins Project Job Configuration History Plugin

CVE-2026-57287

Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view enc…

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Jenkins Project Job Configuration History Plugin — versions 0

Weakness classification (CWE)

CWE-312 — Cleartext Storage of Sensitive Information

References

jenkinsci-cert@googlegroups.com (vendor-advisory)

Frequently asked questions

What is CVE-2026-57287?: CVE-2026-57287 is a medium-severity vulnerability in Jenkins Project Job Configuration History Plugin, classified under Cleartext Storage of Sensitive Information. CVSS score: 4.3/10. Published 2026-06-24.
How severe is CVE-2026-57287?: Medium severity. CVSS v3 base score is 4.3 out of 10.