CVE-2022-23116
HIGH
Jenkins Conjur Secrets Plugin < 1.0.9 - Sensitive Data Exposure via Agent Process Decryption
Title source: llm
Description
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20%281%29
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/01/12/6
Scores
CVSS v3
7.5
EPSS
0.0083
EPSS Percentile
52.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-311
Status
published
Products (2)
jenkins/conjur_secrets
< 1.0.9
org.conjur.jenkins/conjur-credentials
0 - 1.0.10
Maven
Published
Jan 12, 2022
Tracked Since
Feb 18, 2026