Moderate severityNVD Advisory· Published Mar 18, 2026· Updated Mar 18, 2026
CVE-2026-33003
CVE-2026-33003
Description
Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:loadninjaMaven | < 2.2 | 2.2 |
Affected products
2- Range: 0
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-qqjr-hf5h-jx3qghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-33003ghsaADVISORY
- www.jenkins.io/security/advisory/2026-03-18/ghsavendor-advisoryWEB
News mentions
1- Jenkins Security Advisory 2026-03-18Jenkins Security Advisories · Mar 18, 2026