VYPR

Maven package

org.conjur.jenkins/conjur-credentials

pkg:maven/org.conjur.jenkins/conjur-credentials

Vulnerabilities (3)

  • CVE-2022-25190MedFeb 15, 2022
    affected < 1.0.12fixed 1.0.12

    A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

  • CVE-2022-23117HigJan 12, 2022
    affected < 1.0.10fixed 1.0.10

    Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller.

  • CVE-2022-23116HigJan 12, 2022
    affected < 1.0.10fixed 1.0.10

    Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.