29 matches found
CVE-2022-23116
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method...
EUVD-2022-0567
Malicious code in bioql PyPI...
EUVD-2022-0598
Malicious code in bioql PyPI...
CVE-2025-49830
Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who is able to load policy can use the policy yaml parser to reference files on the Secrets Manager, Self-Hosted server. These references may be used as reconnaissance to better understand th...
CVE-2025-49829 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) missing validations
Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allow authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager, Self-Hosted formerly Conjur...
PT-2025-29672 · Cyberark · Conjur Oss +1
Name of the Vulnerable Software and Affected Versions: Conjur Secrets Manager, Self-Hosted versions prior to 13.5.1 and 13.6.1; Conjur OSS versions prior to 1.22.1. Description: Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who is able to...
CVE-2022-25190
A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-23117
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller...
GHSA-372F-JC47-7GR5 Missing permission check in Jenkins Conjur Secrets Plugin allows enumerating credentials IDs
Conjur Secrets Plugin 1.0.11 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...
CVE-2022-25190
CVE-2022-25190 – Jenkins Conjur Secrets Plugin has a missing permission check in an HTTP endpoint for versions 1.0.11 and earlier, allowing attackers with Overall/Read permission to enumerate credentials IDs stored in Jenkins. The issue could enable credential enumeration and facilitate further a...
PT-2022-17130 · Jenkins · Jenkins Conjur Secrets Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Conjur Secrets Plugin versions 1.0.11 and earlier. Description: A missing permission check in the plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. This can be done...
Jenkins Plugin Permissions, Privileges, and Access Control Vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins Conjur Secrets Plugin 1.0.11 and earlier versions are vulnerable to an authorization issue that stems from not...
GHSA-CW68-XMM4-C83R Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows retrieving all credentials
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller...
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method...