{"id":"GHSA-35rx-7pc8-6963","summary":"API keys stored in plain text by Jenkins Katalon Plugin","details":"Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job `config.xml` files on the Jenkins controller as part of its configuration.\n\nThese API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.\n\nKatalon Plugin 1.0.33 no longer stores the API keys directly, instead accessing them through its [Credentials Plugin](https://plugins.jenkins.io/credentials) integration, once affected job configurations are saved again.","aliases":["CVE-2022-43419"],"modified":"2024-02-16T08:12:57.994266Z","published":"2022-10-19T19:00:18Z","database_specific":{"severity":"MODERATE","nvd_published_at":"2022-10-19T16:15:00Z","github_reviewed_at":"2022-10-19T20:27:38Z","cwe_ids":["CWE-256","CWE-522"],"github_reviewed":true},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43419"},{"type":"WEB","url":"https://github.com/jenkinsci/katalon-plugin/pull/28"},{"type":"WEB","url":"https://github.com/jenkinsci/katalon-plugin/commit/64f819387f3f14d54f3a1542578a5c7aa9feb85c"},{"type":"PACKAGE","url":"https://github.com/jenkinsci/katalon-plugin"},{"type":"WEB","url":"https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2846"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2022/10/19/3"}],"affected":[{"package":{"name":"org.jenkins-ci.plugins:katalon","ecosystem":"Maven","purl":"pkg:maven/org.jenkins-ci.plugins/katalon"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.33"}]}],"versions":["1.0.0","1.0.1","1.0.10","1.0.11","1.0.18","1.0.19","1.0.2","1.0.20","1.0.21","1.0.22","1.0.23","1.0.25","1.0.26","1.0.27","1.0.28","1.0.29","1.0.3","1.0.30","1.0.31","1.0.32","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-35rx-7pc8-6963/GHSA-35rx-7pc8-6963.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}