CVE-2026-33003

Published: Mar 18, 2026Modified: Mar 21, 2026

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Affected (1)

Products: Jenkins: Loadninja

Jenkins

1 product

Loadninja

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Loadninja	Before 2.2

Related CWEs

CWE-312

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (1)

https://www.jenkins.io/security/advisory/2026-03-18/#SECURITY-3642

Source: jenkinsci-cert@googlegroups.com

Vendor Advisory

Timeline

No history available yet.