CVE-2026-53442 – Jenkins POST Configuration Secrets Disclosure

CVE ID :CVE-2026-53442

Published : June 10, 2026, 2:16 p.m. | 23 minutes ago

Description :Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-53698 – Silverpeas: Privilege Escalation in Personal Space Component

CVE-2026-53694 – Potential local privileges escalation through argument injection in the nxchmod.sh script

CVE-2026-53693 – MISP BSimVis stored cross-site scripting in tag and cluster rendering paths via unescaped tag metadata and UI labels

CVE-2026-49760 – Stack Buffer Overflow in ei_s_print_term at Very Large Integer