← Back

CVE-2022-43419

nvd nist
Published: Oct 19, 2022Modified: May 8, 2025

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

Affected (1)

Products: Jenkins: Katalon
Jenkins
1 product
Katalon
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Katalon
Before 1.0.33

Related CWEs

CWE-522
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (4)

Source: jenkinsci-cert@googlegroups.com
Mailing ListThird Party Advisory
Source: jenkinsci-cert@googlegroups.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.