Unrated severityNVD Advisory· Published Jun 24, 2026· Updated Jun 24, 2026

CVE-2026-57302

Description

Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Jenkins Project/FitNesse Pluginllm-fuzzy
Range: <=1.36

Patches

Vulnerability mechanics

References

www.jenkins.io/security/advisory/2026-06-24/mitrevendor-advisory

News mentions

Jenkins Security Advisory 2026-06-24
Jenkins Security Advisories · Jun 24, 2026

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000