Description
Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/10/19/3
https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2846
Related Vulnerabilities
CVE-2021-41184 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery-ui
CVE-2021-4245 Vulnerability in maven package org.webjars.npm:rfc6902
CVE-2020-7701 Vulnerability in npm package madlib-object-utils
CVE-2016-3092 Vulnerability in maven package commons-fileupload:commons-fileupload
CVE-2022-2216 Vulnerability in maven package org.webjars.npm:parse-url