Jenkins Project Jenkins Conjur Secrets Plugin vulnerabilities
3 known vulnerabilities affecting jenkins_project/jenkins_conjur_secrets_plugin.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2022-25190MEDIUMCVSS 4.3≥ unspecified, ≤ 1.0.112022-02-15
CVE-2022-25190 [MEDIUM] CWE-862 CVE-2022-25190: A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with
A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
cvelistv5nvd
CVE-2022-23116HIGHCVSS 7.5≥ unspecified, ≤ 1.0.92022-01-12
CVE-2022-23116 [HIGH] CWE-311 CVE-2022-23116: Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.
cvelistv5nvd
CVE-2022-23117HIGHCVSS 7.5≥ unspecified, ≤ 1.0.92022-01-12
CVE-2022-23117 [HIGH] CWE-522 CVE-2022-23117: Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller.
cvelistv5nvd