CVE-2026-33004
Jenkins LoadNinja Plugin does not mask LoadNinja API keys displayed on the job configuration form
4.3
MEDIUM
CVSS 3.1
EPSS 0.04%
Description
Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
How to fix CVE-2026-33004
To remediate CVE-2026-33004, upgrade the affected package to a fixed version below.
- —upgrade to 2.2 or later
Is CVE-2026-33004 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |