Maven package
org.conjur.jenkins/conjur-credentials
pkg:maven/org.conjur.jenkins/conjur-credentials
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-25190 | Med | 4.3 | < 1.0.12 | 1.0.12 | Feb 15, 2022 | A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |
| CVE-2022-23117 | Hig | 7.5 | < 1.0.10 | 1.0.10 | Jan 12, 2022 | Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller. | |
| CVE-2022-23116 | Hig | 7.5 | < 1.0.10 | 1.0.10 | Jan 12, 2022 | Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method. |
- affected < 1.0.12fixed 1.0.12
A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
- affected < 1.0.10fixed 1.0.10
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller.
- affected < 1.0.10fixed 1.0.10
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.