CVE-2022-23116

CWE-3115 documents5 sources

Severity

7.5HIGH

EPSS

0.0%

top 88.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Conjur Secrets Plugin Jenkins Conjur Secrets

Timeline

PublishedJan 12

Latest updateJan 13

Description

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5jenkins_project/jenkins_conjur_secrets_pluginunspecified — 1.0.9

▶NVDjenkins/conjur_secrets1.0.9

▶Mavenorg.conjur.jenkins:conjur-credentials< 1.0.10

🔴Vulnerability Details

OSV

Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets↗2022-01-13

▶

GHSA

Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets↗2022-01-13

▶

CVEList

CVE-2022-23116: Jenkins Conjur Secrets Plugin 1↗2022-01-12

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2022-01-12↗2022-01-12

▶