Back to CVE List

CVE-2026-57302

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
4.3 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Vulnerability Description

Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-256
Source
NVD
Vendor
Jenkins Project
Product
Jenkins FitNesse Plugin

External References

Discussion (0)

Add Comment

No comments yet. Be the first!