25 matches found
Malicious code in loadninja-shared (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc01a627a5f67d1af201bfe6575973437cce899d9767312d44a40369dc16cc46 [email protected] is a dependency-confusion package targeting an internal/private package namespace. package.json declares "postinstall": "node...
MAL-2026-5744 Malicious code in loadninja-shared (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc01a627a5f67d1af201bfe6575973437cce899d9767312d44a40369dc16cc46 [email protected] is a dependency-confusion package targeting an internal/private package namespace. package.json declares "postinstall": "node...
CVE-2026-33003
Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2026-33004
Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
EUVD-2026-12849
Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
EUVD-2026-12847
Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
GHSA-QQJR-HF5H-JX3Q Jenkins LoadNinja Plugin stores LoadNinja API keys unencrypted in job config.xml files
Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
GHSA-P9HG-WRMV-V8CP Jenkins LoadNinja Plugin does not mask LoadNinja API keys displayed on the job configuration form
Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
Jenkins LoadNinja Plugin does not mask LoadNinja API keys displayed on the job configuration form
Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
Jenkins LoadNinja Plugin stores LoadNinja API keys unencrypted in job config.xml files
Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2026-33004
Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2026-33003
Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2026-33004
Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2026-33004
Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2026-33004
CVE-2026-33004 affects Jenkins LoadNinja Plugin 2.1 and earlier, where API keys are displayed in plain text on the job configuration form and not masked. This creates a risk of credential observation/capture by users with access to the Jenkins UI or filesystem. The issue is documented across mult...
CVE-2026-33004
Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2026-33003
Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2026-33003
CVE-2026-33003 affects Jenkins LoadNinja Plugin versions 2.1 and earlier. The underlying issue is that LoadNinja API keys are stored unencrypted in job config.xml files on the Jenkins controller. This can allow disclosure to users with Item/Extended Read permissions or anyone with access to the J...
CVE-2026-33003
Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2026-33003
Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...