Description
Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/10/19/3
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2846
Related Vulnerabilities
CVE-2023-37895 Vulnerability in maven package org.apache.jackrabbit:jackrabbit-standalone-components
CVE-2023-22946 Vulnerability in maven package org.apache.spark:spark-core_2.12
CVE-2018-1000632 Vulnerability in maven package org.dom4j:dom4j
CVE-2019-10354 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2019-6284 Vulnerability in maven package org.webjars.npm:node-sass