CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25190
https://notcve.org/view.php?id=CVE-2022-25190
A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Una falta de comprobación de permisos en Jenkins Conjur Secrets Plugin versiones 1.0.11 y anteriores, permite a atacantes con permiso Overall/Read enumerar los ID de las credenciales almacenadas en Jenkins • https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2350 • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23117
https://notcve.org/view.php?id=CVE-2022-23117
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller. Jenkins Conjur Secrets Plugin versiones 1.0.9 y anteriores, implementan una funcionalidad que permite a atacantes capaces de controlar los procesos del agente recuperar todas las credenciales de nombre de usuario/contraseña almacenadas en el controlador Jenkins • http://www.openwall.com/lists/oss-security/2022/01/12/6 https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20%282%29 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23116
https://notcve.org/view.php?id=CVE-2022-23116
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method. Jenkins Conjur Secrets Plugin versiones 1.0.9 y anteriores, implementan una funcionalidad que permite a atacantes capaces de controlar los procesos del agente descifrar los secretos almacenados en Jenkins obtenidos mediante otro método • http://www.openwall.com/lists/oss-security/2022/01/12/6 https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20%281%29 • CWE-311: Missing Encryption of Sensitive Data •