CVE-2026-53442
Published: 2026-06-10 · Last updated: 2026-06-10
Severity and scoring
- CVSS: 5.3 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- CWE: CWE-311
Description
Jenkins 2.567 and earlier, and LTS 2.555.2 and earlier, do not encrypt secrets from POST config.xml submissions before storing them in job configurations. The secrets are written unencrypted to job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or with access to the Jenkins controller file system.
Source: NVD
Related CVEs
Same CWE
- CVE-2026-34486 — Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptI... (7.5 HIGH)
- CVE-2025-13453 — A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on t... (4.6 MEDIUM)
- CVE-2020-7567 — A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the ... (5.7 MEDIUM)
- CVE-2017-14852 — An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SS... (8.6 HIGH)