Adam Jordan

**Name of the Vulnerable Software and Affected Versions** Jenkins LoadNinja Plugin versions 2.1 and earlier **Description** The Jenkins LoadNinja Plugin stores LoadNinja API keys unencrypted in `config.xml` files on the Jenkins controller. This allows users with Item/Extended Read permission, or access to the Jenkins controller file system, to view the API keys. The vulnerable files are located on the Jenkins controller. **Recommendations** Update to a newer version of the Jenkins LoadNinja Plugin that addresses this issue.

**Name of the Vulnerable Software and Affected Versions** Jenkins LoadNinja Plugin versions 2.1 and earlier **Description** The Jenkins LoadNinja Plugin does not properly mask LoadNinja API keys as they are displayed on the job configuration form. This could allow attackers to observe and capture these keys. **Recommendations** Update to a newer version of the Jenkins LoadNinja Plugin that addresses this issue.