CVE-2022-23116

Опубликовано: 12 янв. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.

Ссылки

http://www.openwall.com/lists/oss-security/2022/01/12/6
Mailing List
Third Party Advisory
https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20%281%29
Vendor Advisory
http://www.openwall.com/lists/oss-security/2022/01/12/6
Mailing List
Third Party Advisory
https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20%281%29
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:conjur_secrets:*:*:*:*:*:jenkins:*:*

Версия до 1.0.9 (включая)

EPSS

Процентиль: 24%

0.0008

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-311

Связанные уязвимости

GHSA-g7fx-mmjc-r7gv

CVSS3: 5.3

github

около 4 лет назад

Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets