Lucene search

K
cvelistJenkinsCVELIST:CVE-2022-23117
HistoryJan 12, 2022 - 7:06 p.m.

CVE-2022-23117

2022-01-1219:06:25
jenkins
www.cve.org

8.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.5%

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller.

CNA Affected

[
  {
    "product": "Jenkins Conjur Secrets Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "1.0.9",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 1.0.9",
        "versionType": "custom"
      }
    ]
  }
]

8.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.5%

Related for CVELIST:CVE-2022-23117