{"api_version":"1","generated_at":"2026-06-25T03:28:16+00:00","cve":"CVE-2026-57287","urls":{"html":"https://cve.report/CVE-2026-57287","api":"https://cve.report/api/cve/CVE-2026-57287.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-57287","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-57287"},"summary":{"title":"CVE-2026-57287","description":"Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted.","state":"PUBLISHED","assigner":"jenkins","published_at":"2026-06-24 14:17:34","updated_at":"2026-06-24 15:16:44"},"problem_types":["CWE-312","CWE-312 CWE-312 Cleartext Storage of Sensitive Information"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"4.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"4.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3742","name":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3742","refsource":"jenkinsci-cert@googlegroups.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-57287","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-57287","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Jenkins Project","product":"Jenkins Job Configuration History Plugin","version":"affected 1356.ve360da_6c523a_ maven","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}},{"other":{"content":{"id":"CVE-2026-57287","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-06-24T14:12:08.713773Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-312","description":"CWE-312 Cleartext Storage of Sensitive Information","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-24T14:12:42.211Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Jenkins Job Configuration History Plugin","vendor":"Jenkins Project","versions":[{"lessThanOrEqual":"1356.ve360da_6c523a_","status":"affected","version":"0","versionType":"maven"}]}],"descriptions":[{"lang":"en","value":"Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted."}],"providerMetadata":{"dateUpdated":"2026-06-24T13:20:08.138Z","orgId":"39769cd5-e6e2-4dc8-927e-97b3aa056f5b","shortName":"jenkins"},"references":[{"name":"Jenkins Security Advisory 2026-06-24","tags":["vendor-advisory"],"url":"https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3742"}]}},"cveMetadata":{"assignerOrgId":"39769cd5-e6e2-4dc8-927e-97b3aa056f5b","assignerShortName":"jenkins","cveId":"CVE-2026-57287","datePublished":"2026-06-24T13:20:08.138Z","dateReserved":"2026-06-24T08:41:44.358Z","dateUpdated":"2026-06-24T14:12:42.211Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-24 14:17:34","lastModifiedDate":"2026-06-24 15:16:44","problem_types":["CWE-312","CWE-312 CWE-312 Cleartext Storage of Sensitive Information"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:12:08.713773Z","id":"CVE-2026-57287","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"57287","Ordinal":"1","Title":"CVE-2026-57287","CVE":"CVE-2026-57287","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"57287","Ordinal":"1","NoteData":"Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_ and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted.","Type":"Description","Title":"CVE-2026-57287"}]}}}