CVE-2022-23116

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
jenkinsCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
jenkinsconjur_secrets
𝑥
≤ 1.0.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2022/01/12/6
https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20%281%29
http://www.openwall.com/lists/oss-security/2022/01/12/6
https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20%281%29