PT-2026-26075 · Jenkins · Jenkins Loadninja Plugin+1
Adam Jordan
·
Publicado
2026-03-18
·
Atualizado
2026-03-21
·
CVE-2026-33003
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins LoadNinja Plugin versions 2.1 and earlier
Description
The Jenkins LoadNinja Plugin stores LoadNinja API keys unencrypted in
config.xml files on the Jenkins controller. This allows users with Item/Extended Read permission, or access to the Jenkins controller file system, to view the API keys. The vulnerable files are located on the Jenkins controller.Recommendations
Update to a newer version of the Jenkins LoadNinja Plugin that addresses this issue.
Correção
Cleartext Storage of Sensitive Information
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Jenkins
Jenkins Loadninja Plugin