Design/Logic Flaw

2022-10-1916:15:00

PRIOn knowledge base

www.prio-n.com

jenkins

katalon

api keys

unencrypted

config.xml

jenkins controller

access control

file system

nvd

0.001 Low

EPSS

Percentile

28.6%

JSON

Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

CPENameOperatorVersion
katalonlt1.0.33

CPE	Name	Operator	Version
	katalon	lt	1.0.33

References

www.openwall.com/lists/oss-security/2022/10/19/3

www.jenkins.io/security/advisory/2022-10-19/

0.001 Low

EPSS

Percentile

28.6%

JSON

Related for PRION:CVE-2022-43419