Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Jenkins Subscribe
Filtered by product Conjur Secrets
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-25190 1 Jenkins 1 Conjur Secrets 2022-02-23 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2022-23117 1 Jenkins 1 Conjur Secrets 2022-01-19 5.0 MEDIUM 7.5 HIGH
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller.
CVE-2022-23116 1 Jenkins 1 Conjur Secrets 2022-01-18 5.0 MEDIUM 7.5 HIGH
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.