CVE-2026-57287
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted.
Risk Assessment
The organization is at risk of leaking sensitive data such as passwords, tokens, or API keys stored in job and agent configurations. Attackers with appropriate permissions can access these secrets, potentially leading to privilege escalation or further attacks on the infrastructure.
Recommendation
Immediately update the Job Configuration History Plugin to the latest available version that includes the fix for redacting secrets. Until the update is applied, restrict Extended Read permissions to trusted users only.
Original NVD description (English source)
Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted.

