ReportizFlow
Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Jenkins |
|
| Jenkins Project |
|
No data.
References
History
Sat, 21 Mar 2026 05:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Jenkins
Jenkins loadninja |
|
| CPEs | cpe:2.3:a:jenkins:loadninja:*:*:*:*:*:jenkins:*:* | |
| Vendors & Products |
Jenkins
Jenkins loadninja |
Thu, 19 Mar 2026 09:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Jenkins Project
Jenkins Project jenkins Loadninja Plugin |
|
| Vendors & Products |
Jenkins Project
Jenkins Project jenkins Loadninja Plugin |
Wed, 18 Mar 2026 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-312 | |
| Metrics |
cvssV3_1
|
Wed, 18 Mar 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2026-03-18T15:15:25.768Z
Updated: 2026-03-18T15:55:13.735Z
Reserved: 2026-03-17T15:04:07.616Z
Link: CVE-2026-33003
Vulnrichment
Updated: 2026-03-18T15:54:11.498Z
NVD
Status : Analyzed
Published: 2026-03-18T16:16:28.290
Modified: 2026-03-21T00:18:27.543
Link: CVE-2026-33003
Redhat
No data.