What is CVE-2026-57302?

CVE-2026-57302 is a medium-severity vulnerability in Jenkins Project Fitnesse Plugin, classified under Plaintext Storage of a Password. CVSS score: 4.3/10. Published 2026-06-24.

How severe is CVE-2026-57302?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Vulnerability in Jenkins Project Fitnesse Plugin

CVE-2026-57302

Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Jenkins Project Fitnesse Plugin — versions 1.36

Weakness classification (CWE)

CWE-256 — Plaintext Storage of a Password

References

jenkinsci-cert@googlegroups.com (vendor-advisory)

Frequently asked questions

What is CVE-2026-57302?: CVE-2026-57302 is a medium-severity vulnerability in Jenkins Project Fitnesse Plugin, classified under Plaintext Storage of a Password. CVSS score: 4.3/10. Published 2026-06-24.
How severe is CVE-2026-57302?: Medium severity. CVSS v3 base score is 4.3 out of 10.