Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for conjur_secrets by jenkins

    CVE-2022-25190 (GCVE-0-2022-25190)

    Vulnerability from nvd – Published: 2022-02-15 16:11 – Updated: 2024-10-15 17:13
    VLAI
    Summary
    A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins Conjur Secrets Plugin Affected: unspecified , ≤ 1.0.11 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:36:05.954Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2350"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-25190",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T17:09:27.330379Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T17:13:57.861Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins Conjur Secrets Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T14:19:49.895Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2350"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2022-25190",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins Conjur Secrets Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "1.0.11"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862: Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2350",
                  "refsource": "CONFIRM",
                  "url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2350"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2022-25190",
        "datePublished": "2022-02-15T16:11:17.000Z",
        "dateReserved": "2022-02-15T00:00:00.000Z",
        "dateUpdated": "2024-10-15T17:13:57.861Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23117 (GCVE-0-2022-23117)

    Vulnerability from nvd – Published: 2022-01-12 19:06 – Updated: 2024-08-03 03:36
    VLAI
    Summary
    Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins Conjur Secrets Plugin Affected: unspecified , ≤ 1.0.9 (custom)
    Unknown: next of 1.0.9 , < unspecified (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:36:20.033Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20%282%29"
              },
              {
                "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins Conjur Secrets Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unknown",
                  "version": "next of 1.0.9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T14:19:25.878Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20%282%29"
            },
            {
              "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2022-23117",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins Conjur Secrets Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "1.0.9"
                              },
                              {
                                "version_affected": "?\u003e",
                                "version_value": "1.0.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-693: Protection Mechanism Failure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20(2)",
                  "refsource": "CONFIRM",
                  "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20(2)"
                },
                {
                  "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2022-23117",
        "datePublished": "2022-01-12T19:06:25.000Z",
        "dateReserved": "2022-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:36:20.033Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23116 (GCVE-0-2022-23116)

    Vulnerability from nvd – Published: 2022-01-12 19:06 – Updated: 2024-08-03 03:36
    VLAI
    Summary
    Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins Conjur Secrets Plugin Affected: unspecified , ≤ 1.0.9 (custom)
    Unknown: next of 1.0.9 , < unspecified (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:36:19.213Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20%281%29"
              },
              {
                "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins Conjur Secrets Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unknown",
                  "version": "next of 1.0.9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T14:19:24.585Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20%281%29"
            },
            {
              "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2022-23116",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins Conjur Secrets Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "1.0.9"
                              },
                              {
                                "version_affected": "?\u003e",
                                "version_value": "1.0.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-693: Protection Mechanism Failure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20(1)",
                  "refsource": "CONFIRM",
                  "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20(1)"
                },
                {
                  "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2022-23116",
        "datePublished": "2022-01-12T19:06:23.000Z",
        "dateReserved": "2022-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:36:19.213Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25190 (GCVE-0-2022-25190)

    Vulnerability from cvelistv5 – Published: 2022-02-15 16:11 – Updated: 2024-10-15 17:13
    VLAI
    Summary
    A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins Conjur Secrets Plugin Affected: unspecified , ≤ 1.0.11 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:36:05.954Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2350"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-25190",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T17:09:27.330379Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T17:13:57.861Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins Conjur Secrets Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T14:19:49.895Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2350"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2022-25190",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins Conjur Secrets Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "1.0.11"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862: Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2350",
                  "refsource": "CONFIRM",
                  "url": "https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2350"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2022-25190",
        "datePublished": "2022-02-15T16:11:17.000Z",
        "dateReserved": "2022-02-15T00:00:00.000Z",
        "dateUpdated": "2024-10-15T17:13:57.861Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23117 (GCVE-0-2022-23117)

    Vulnerability from cvelistv5 – Published: 2022-01-12 19:06 – Updated: 2024-08-03 03:36
    VLAI
    Summary
    Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins Conjur Secrets Plugin Affected: unspecified , ≤ 1.0.9 (custom)
    Unknown: next of 1.0.9 , < unspecified (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:36:20.033Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20%282%29"
              },
              {
                "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins Conjur Secrets Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unknown",
                  "version": "next of 1.0.9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T14:19:25.878Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20%282%29"
            },
            {
              "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2022-23117",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins Conjur Secrets Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "1.0.9"
                              },
                              {
                                "version_affected": "?\u003e",
                                "version_value": "1.0.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-693: Protection Mechanism Failure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20(2)",
                  "refsource": "CONFIRM",
                  "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20(2)"
                },
                {
                  "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2022-23117",
        "datePublished": "2022-01-12T19:06:25.000Z",
        "dateReserved": "2022-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:36:20.033Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23116 (GCVE-0-2022-23116)

    Vulnerability from cvelistv5 – Published: 2022-01-12 19:06 – Updated: 2024-08-03 03:36
    VLAI
    Summary
    Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins Conjur Secrets Plugin Affected: unspecified , ≤ 1.0.9 (custom)
    Unknown: next of 1.0.9 , < unspecified (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:36:19.213Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20%281%29"
              },
              {
                "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins Conjur Secrets Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unknown",
                  "version": "next of 1.0.9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T14:19:24.585Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20%281%29"
            },
            {
              "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2022-23116",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins Conjur Secrets Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "1.0.9"
                              },
                              {
                                "version_affected": "?\u003e",
                                "version_value": "1.0.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-693: Protection Mechanism Failure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20(1)",
                  "refsource": "CONFIRM",
                  "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20(1)"
                },
                {
                  "name": "[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2022/01/12/6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2022-23116",
        "datePublished": "2022-01-12T19:06:23.000Z",
        "dateReserved": "2022-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:36:19.213Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }