24 matches found
EUVD-2022-0567
Malicious code in bioql PyPI...
EUVD-2022-0598
Malicious code in bioql PyPI...
CVE-2022-25190
A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-23117
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller...
GHSA-372F-JC47-7GR5 Missing permission check in Jenkins Conjur Secrets Plugin allows enumerating credentials IDs
Conjur Secrets Plugin 1.0.11 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...
CVE-2022-25190
A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-25190
A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-25190
A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-25190
CVE-2022-25190 – Jenkins Conjur Secrets Plugin has a missing permission check in an HTTP endpoint for versions 1.0.11 and earlier, allowing attackers with Overall/Read permission to enumerate credentials IDs stored in Jenkins. The issue could enable credential enumeration and facilitate further a...
PT-2022-17130 · Jenkins · Jenkins Conjur Secrets Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Conjur Secrets Plugin versions 1.0.11 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. This can be done...
Jenkins 插件 权限许可和访问控制问题漏洞
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Conjur Secrets Plugin 1.0.11 and earlier versions are vulnerable to an authorization issue that stems from not...
GHSA-CW68-XMM4-C83R Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows retrieving all credentials
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller...
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method...
CVE-2022-23116
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method...
CVE-2022-23117
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller...
CVE-2022-23117
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller...
CVE-2022-23116
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method...
CVE-2022-23117
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller...
CVE-2022-23117
CVE-2022-23117 refers to the Jenkins Conjur Secrets Plugin (versions 1.0.9 and earlier). The description in connected documents states that attackers who can control agent processes can retrieve all username/password credentials stored on the Jenkins controller. The risk is limited to credentials...
CVE-2022-23116
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method...