CVE-2026-33003

MEDIUM jenkins NVD

CVSS Score 4.3

Severity MEDIUM

Published Mar 18, 2026

Vendor jenkins

Description

Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

References

https://www.jenkins.io/security/advisory/2026-03-18/#SECURITY-3642