CVE-2026-33003

CVSS v3.1

4.3

Medium

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Fix

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

CVE-2026-33003

Affected Products

Jenkins Loadninja Plugin

CVE-2026-33003

Weakness Enumeration

Related Identifiers

Affected Products

References · 2