Sensitive Data Exposure in Jenkins by CloudBees
CVE-2026-53442
5.3MEDIUM
What is CVE-2026-53442?
Jenkins versions 2.567 and earlier, along with LTS versions 2.555.2 and earlier, exhibit a vulnerability where secrets submitted via POST requests in config.xml are stored unencrypted in job configuration files. This lack of encryption allows users with Item/Extended Read permissions or access to the Jenkins controller's file system to view sensitive information, risking unauthorized access and potential data breaches.
Affected Version(s)
Jenkins 2.568
Jenkins 2.568
Jenkins 2.555.3 < 2.555.*