Jenkins Apica Loadtest Plugin Authentication Token Exposure Vulnerability
Vulnerability
A vulnerability exists in the Apica Loadtest Plugin for Jenkins, specifically in versions through 1.10. The plugin fails to properly mask authentication tokens in the job configuration form, which could allow attackers to observe and capture these tokens. Additionally, the plugin stores these tokens unencrypted in job configuration files on the Jenkins controller, where they can be accessed by users with certain permissions or file system access.
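A check a controller administrator can run over job `config.xml` contents to find credential-looking fields that were not persisted as a Jenkins-encrypted `Secret`, added here as an example; it is not the plugin's code or the advisory's. The builder element and field names in the sample configuration are constructed placeholders; only the brace-wrapped base64 shape of encrypted secrets is real Jenkins behaviour. It covers the unencrypted-storage half of the issue only; the form-masking half must be checked on the job's configure page.

```python
import re
import xml.etree.ElementTree as ET

# Jenkins persists hudson.util.Secret values in config.xml as a base64 blob wrapped in
# braces, e.g. "{AQAAABAAAAAQ...}". A credential-looking element whose text does not
# have that shape was written to disk in the clear by the plugin that owns it.
ENCRYPTED_SECRET = re.compile(r"^\{[A-Za-z0-9+/]+=*\}$")
SENSITIVE_NAME = re.compile(r"token|password|passwd|secret|api[_-]?key", re.IGNORECASE)

# Constructed sample job configuration (not any real plugin's config.xml). The builder
# element and its field names are hypothetical placeholders; the XML declaration is omitted.
SAMPLE_CONFIG = """<project>
  <builders>
    <com.example.LoadTestBuilder plugin="example-loadtest@1.10">
      <environmentId>42</environmentId>
      <authToken>s3cr3t-plaintext-token-value</authToken>
      <apiToken>{AQAAABAAAAAQ5z3jK1aWq2Zb7c9dEfGhIjKlMnOpQrStUvWxYz01234567==}</apiToken>
    </com.example.LoadTestBuilder>
  </builders>
</project>"""


def redact(value: str) -> str:
    """Keep only a short prefix so a finding can be located without re-exposing the token."""
    return value[:4] + "..."


def _walk(elem: ET.Element, path: str, findings: list) -> None:
    here = f"{path}/{elem.tag}" if path else elem.tag
    text = (elem.text or "").strip()
    if text and SENSITIVE_NAME.search(elem.tag) and not ENCRYPTED_SECRET.match(text):
        findings.append((here, redact(text)))
    for child in elem:
        _walk(child, here, findings)


def find_plaintext_secrets(config_xml: str) -> list:
    """Return (element path, redacted value) for credential-looking fields stored unencrypted."""
    findings: list = []
    _walk(ET.fromstring(config_xml), "", findings)
    return findings


if __name__ == "__main__":
    for path, preview in find_plaintext_secrets(SAMPLE_CONFIG):
        print(f"plaintext credential at {path}: {preview}")
```

To audit a controller, feed it the contents of each `$JENKINS_HOME/jobs/<name>/config.xml`; any hit means the token must be rotated after the plugin is updated, since the old value has already been exposed on disk.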
Impact
The vulnerability increases the risk of token theft: unmasked tokens can be read directly from the job configuration form by anyone who can view it, and the unencrypted copies in the job configuration files can be read by users with the relevant permissions or file system access on the controller.
Remediation
Users of the Apica Loadtest Plugin should update to version 1.10.1 or later, where this vulnerability has been addressed.
