Lucene search
GoogleOSV:GHSA-CW68-XMM4-C83RHistoryJan 13, 2022 - 12:00 a.m.
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows retrieving all credentials
2022-01-1300:00:53
Google
osv.dev
10
jenkins
conjur secrets plugin
security bypass
credentials
software
EPSS
0.002
Percentile
55.4%
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller.
References
www.openwall.com/lists/oss-security/2022/01/12/6
github.com/jenkinsci/conjur-credentials-plugin
github.com/jenkinsci/conjur-credentials-plugin/pull/19
github.com/jenkinsci/conjur-credentials-plugin/releases/tag/conjur-credentials-1.0.10
nvd.nist.gov/vuln/detail/CVE-2022-23117
www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20(2)
Related
prion
prion
Default credentials
2022-01-12 20:15:00
cvelist
cvelist
CVE-2022-23117
2022-01-12 19:06:25
cve
cve
CVE-2022-23117
2022-01-12 20:15:09
github
github
nvd
nvd
CVE-2022-23117
2022-01-12 20:15:09
nessus
nessus
Jenkins Enterprise and Operations Center < 2.277.43.0.5 / 2.319.2.5 Multiple Vulnerabilities (CloudBees Security Advisory 2022-01-12)
2022-02-15 00:00:00
Jenkins LTS < 2.319.2 / Jenkins weekly < 2.330 Multiple Vulnerabilities
2022-01-21 00:00:00
Jenkins plugins Multiple Vulnerabilities (2022-01-12)
2022-01-21 00:00:00