#VU68568 Cleartext storage of sensitive information in Katalon - CVE-2022-43419
Published: October 21, 2022
Vulnerability identifier: #VU68568
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-43419
CWE-ID: CWE-312
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Katalon
Katalon
Software vendor:
Jenkins
Jenkins
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the affected plugin stores API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. A remote user can view these API keys.
Remediation
Install updates from vendor's website.