PT-2026-26076 · Jenkins · Jenkins Loadninja Plugin+1

Adam Jordan

+3

·

Publicado

2026-03-18

·

Atualizado

2026-03-21

·

CVE-2026-33004

CVSS v3.1

4.3

Média

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions Jenkins LoadNinja Plugin versions 2.1 and earlier
Description The Jenkins LoadNinja Plugin does not properly mask LoadNinja API keys as they are displayed on the job configuration form. This could allow attackers to observe and capture these keys.
Recommendations Update to a newer version of the Jenkins LoadNinja Plugin that addresses this issue.

Correção

Information Disclosure

Cleartext Storage of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-312

Identificadores relacionados

BDU:2026-04248
CVE-2026-33004
GHSA-P9HG-WRMV-V8CP

Produtos afetados

Jenkins
Jenkins Loadninja Plugin