CVE-2022-43419

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-43419

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-43419.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-43419

Aliases

GHSA-35rx-7pc8-6963

Published

2022-10-19T16:15:11Z

Modified

2025-05-08T20:48:50.043588Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

References

Affected packages

Git / github.com/jenkinsci/katalon-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/katalon-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

77dbb5820a3cff1df19d460b7c07fb9bb16cd56f

Affected versions

1.*

1.0.29

1.0.30

1.0.31

1.0.32

katalon-1.*

katalon-1.0.0

katalon-1.0.1

katalon-1.0.10

katalon-1.0.11

katalon-1.0.14

katalon-1.0.15

katalon-1.0.17

katalon-1.0.18

katalon-1.0.19

katalon-1.0.2

katalon-1.0.20

katalon-1.0.21

katalon-1.0.22

katalon-1.0.23

katalon-1.0.24

katalon-1.0.25

katalon-1.0.26

katalon-1.0.27

katalon-1.0.28

katalon-1.0.3

katalon-1.0.4

katalon-1.0.5

katalon-1.0.6

katalon-1.0.7

katalon-1.0.8

katalon-1.0.9