Описание
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.
Пакеты
Наименование
org.conjur.jenkins:conjur-credentials
maven
Затронутые версииВерсия исправления
< 1.0.10
1.0.10
Связанные уязвимости
CVSS3: 7.5
nvd
около 4 лет назад
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.