Cleartext storage of sensitive information in Katalon - CVE-2022-43419
Published: October 21, 2022
Vulnerability identifier: #VU68568
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-43419
CWE-ID: CWE-312
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Jenkins
Affected software:
Katalon
Katalon
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the affected plugin stores API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. A remote user can view these API keys.
How to mitigate CVE-2022-43419
Install updates from vendor's website.