Description
Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
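An audit sketch for the condition described above, added here as an example and not taken from the Katalon plugin or the Jenkins project: it walks job config.xml files and reports secret-looking elements whose value is not in the brace-wrapped base64 form Jenkins uses for encrypted Secret fields. The element-name hints, the sample XML and its class names are assumptions, since the plugin's actual field name is not given on this page.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Current Jenkins versions serialize encrypted Secret values as {base64}.
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
# Assumed element-name hints; the plugin's real field name is not on this page.
NAME_HINTS = ("apikey", "api_key", "token", "secret", "password")

def find_plaintext_secrets(xml_text, hints=NAME_HINTS):
    """Return (tag, value_length) for secret-like elements stored unencrypted."""
    # Jenkins declares XML 1.1, which Python's expat parser rejects outright.
    xml_text = re.sub(r"^<\?xml version=.1\.1.", "<?xml version='1.0'", xml_text, count=1)
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        value = (elem.text or "").strip()
        if not value or len(elem):  # skip empty and container elements
            continue
        if any(h in elem.tag.lower() for h in hints) and not ENCRYPTED.match(value):
            findings.append((elem.tag, len(value)))  # never echo the secret itself
    return findings

def scan_jenkins_home(home):
    """Map each job config.xml under <home>/jobs to its findings, if any."""
    report = {}
    for cfg in sorted(Path(home).glob("jobs/**/config.xml")):
        try:
            hits = find_plaintext_secrets(cfg.read_text(encoding="utf-8", errors="replace"))
        except ET.ParseError:
            continue  # unparseable file: leave for manual review
        if hits:
            report[str(cfg)] = hits
    return report

# Constructed sample job config; class and element names are hypothetical.
SAMPLE = """<?xml version='1.1' encoding='UTF-8'?>
<project>
  <builders>
    <com.example.HypotheticalBuilder>
      <apiKey>constructed-plaintext-key-0001</apiKey>
    </com.example.HypotheticalBuilder>
    <com.example.OtherBuilder>
      <apiToken>{AQAAABAAAAAQY29uc3RydWN0ZWQtc2FtcGxl}</apiToken>
    </com.example.OtherBuilder>
  </builders>
</project>"""

if __name__ == "__main__":
    print(find_plaintext_secrets(SAMPLE))
```

Any key the scan reports should be treated as exposed to everyone with Extended Read permission or file system access and rotated.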
Remediation
References
http://www.openwall.com/lists/oss-security/2022/10/19/3
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2846
Related Vulnerabilities
CVE-2019-10754 Vulnerability in maven package org.apereo.cas:cas-server-support-oidc
CVE-2020-7722 Vulnerability in npm package nodee-utils
CVE-2023-45648 Vulnerability in maven package org.apache.tomcat:tomcat
CVE-2022-23461 Vulnerability in npm package jodit
CVE-2022-4640 Vulnerability in maven package net.mingsoft:ms-mcms