What is the severity of CVE-2022-43419?

The severity of CVE-2022-43419 is medium with a CVSS score of 6.5.

Is there a fix available for Jenkins Katalon Plugin vulnerability CVE-2022-43419?

Yes, the fix for Jenkins Katalon Plugin vulnerability CVE-2022-43419 is to upgrade to version 1.0.33.

What is the Common Weakness Enumeration (CWE) ID related to CVE-2022-43419?

The Common Weakness Enumeration (CWE) IDs related to CVE-2022-43419 are CWE-256 and CWE-522.

Vulnerability/
CVE-2022-43419

medium

6.5

CWE

256 522

19/10/2022

3/8/2024

CVE-2022-43419

Q: Who can view the stored API keys in Jenkins Katalon Plugin 1.0.32 and earlier?

Users with Item/Extended Read permission or access to the Jenkins controller file system can view the stored API keys.

First published: Wed Oct 19 2022(Updated: )

Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job `config.xml` files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Katalon Plugin 1.0.33 no longer stores the API keys directly, instead accessing them through its [Credentials Plugin](https://plugins.jenkins.io/credentials) integration, once affected job configurations are saved again.

Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com

Affected Software	Affected Version	How to fix
maven/org.jenkins-ci.plugins:katalon	<1.0.33	1.0.33
Jenkins Katalon	<1.0.33

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-43419?
The severity of CVE-2022-43419 is medium with a CVSS score of 6.5.
How does Jenkins Katalon Plugin 1.0.32 and earlier store API keys?
Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller.
Who can view the stored API keys in Jenkins Katalon Plugin 1.0.32 and earlier?
Users with Item/Extended Read permission or access to the Jenkins controller file system can view the stored API keys.
Is there a fix available for Jenkins Katalon Plugin vulnerability CVE-2022-43419?
Yes, the fix for Jenkins Katalon Plugin vulnerability CVE-2022-43419 is to upgrade to version 1.0.33.
What is the Common Weakness Enumeration (CWE) ID related to CVE-2022-43419?
The Common Weakness Enumeration (CWE) IDs related to CVE-2022-43419 are CWE-256 and CWE-522.

collector/github-advisory-latest
alias/GHSA-35rx-7pc8-6963
alias/CVE-2022-43419
collector/github-advisory
collector/nvd-index
collector/nvd-cve
collector/nvd-api
agent/type
agent/softwarecombine
agent/weakness
agent/references
collector/mitre-cve
source/MITRE
agent/author
agent/last-modified-date
agent/severity
agent/tags
agent/event
agent/description
agent/first-publish-date
agent/trending
package-manager/maven
vendor/jenkins
canonical/jenkins katalon

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.