Skip to main content

Jenkins Job Configuration History Plugin

1 CVEs product

Monthly

CVE-2026-57287 MEDIUM This Month

Jenkins Job Configuration History Plugin version 1356.ve360da_6c523a_ and earlier exposes encrypted secret values to any Jenkins user holding Extended Read permission by failing to apply Jenkins' standard secret redaction when rendering historical job and agent configurations. Encrypted credential values that Jenkins would normally mask are displayed in full within the plugin's history view, potentially enabling offline analysis of those values. No public exploit or active exploitation has been identified; SSVC rates this as non-automatable with partial technical impact.

Information Disclosure Jenkins Jenkins Job Configuration History Plugin
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
EPSS 0% CVSS 4.3
MEDIUM This Month

Jenkins Job Configuration History Plugin version 1356.ve360da_6c523a_ and earlier exposes encrypted secret values to any Jenkins user holding Extended Read permission by failing to apply Jenkins' standard secret redaction when rendering historical job and agent configurations. Encrypted credential values that Jenkins would normally mask are displayed in full within the plugin's history view, potentially enabling offline analysis of those values. No public exploit or active exploitation has been identified; SSVC rates this as non-automatable with partial technical impact.

Information Disclosure Jenkins Jenkins Job Configuration History Plugin
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy