← Back

CVE-2026-53442

nvd nist
Published: Jun 10, 2026Modified: Jun 12, 2026

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system.

Affected (2)

Products: Jenkins: Jenkins
Jenkins
1 product
Jenkins
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Jenkins
Jenkins
Before 2.568
Jenkins
Before 2.555.3

Related CWEs

CWE-311
Missing Encryption of Sensitive Data
The product does not encrypt sensitive or critical information before storage or transmission.

References (1)

Source: jenkinsci-cert@googlegroups.com
Vendor Advisory

Timeline

No history available yet.