CVE-2026-33004

Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.jenkins.io/security/advisory/2026-03-18/#SECURITY-3642	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:jenkins:loadninja:*:*:*:*:*:jenkins:*:*

History

17 Jun 2026, 10:36

Type	Values Removed	Values Added
Summary		(es) El plugin de Jenkins LoadNinja 2.1 y versiones anteriores no enmascara las claves API de LoadNinja mostradas en el formulario de configuración del trabajo, lo que aumenta el potencial para que los atacantes las observen y capturen.

21 Mar 2026, 00:17

Type	Values Removed	Values Added
References	~~() https://www.jenkins.io/security/advisory/2026-03-18/#SECURITY-3642 -~~	() https://www.jenkins.io/security/advisory/2026-03-18/#SECURITY-3642 - Vendor Advisory
First Time		Jenkins Jenkins loadninja
CPE		cpe:2.3:a:jenkins:loadninja::::::jenkins::*

19 Mar 2026, 15:16

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3
CWE		CWE-200

18 Mar 2026, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-18 16:16

Updated : 2026-06-17 10:36

NVD link : CVE-2026-33004

Mitre link : CVE-2026-33004

CVE.ORG link : CVE-2026-33004

JSON object : View

Products Affected

jenkins

loadninja

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2026-33004", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-33004", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-19T14:48:26.981336Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "affected": [{"source": "jenkinsci-cert@googlegroups.com", "affectedData": [{"vendor": "Jenkins Project", "product": "Jenkins LoadNinja Plugin", "versions": [{"status": "affected", "version": "0", "versionType": "maven", "lessThanOrEqual": "2.1"}], "defaultStatus": "unaffected"}]}], "published": "2026-03-18T16:16:28.457", "references": [{"url": "https://www.jenkins.io/security/advisory/2026-03-18/#SECURITY-3642", "tags": ["Vendor Advisory"], "source": "jenkinsci-cert@googlegroups.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them."}, {"lang": "es", "value": "El plugin de Jenkins LoadNinja 2.1 y versiones anteriores no enmascara las claves API de LoadNinja mostradas en el formulario de configuraci\u00f3n del trabajo, lo que aumenta el potencial para que los atacantes las observen y capturen."}], "lastModified": "2026-06-17T10:36:45.373", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:loadninja:*:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "9BCE27DC-E2B1-4969-AE65-2E2CEA7C0514", "versionEndExcluding": "2.2"}], "operator": "OR"}]}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com"}