PT-2026-51812 · Jenkins · Jenkins Fitnesse Plugin

Published 2026-06-24 · Updated 2026-06-24 · CVE-2026-57302

CVSS v3.1: 4.3 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to the Jenkins controller file system.

Fix

Weakness Enumeration

Related Identifiers

CVE-2026-57302

Affected Products

Jenkins Fitnesse Plugin