31 matches found
EUVD-2022-0567
Malicious code in bioql PyPI...
EUVD-2022-0598
Malicious code in bioql PyPI...
CVE-2022-25190
A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-23117
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller...
Jenkins Conjur Secrets Plugin authorization issue vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins Conjur Secrets Plugin 1.0.11 and earlier versions are vulnerable to an authorization issue that stems from not...
Missing permission check in Jenkins Conjur Secrets Plugin allows enumerating credentials IDs
Conjur Secrets Plugin 1.0.11 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...
GHSA-372F-JC47-7GR5 Missing permission check in Jenkins Conjur Secrets Plugin allows enumerating credentials IDs
Conjur Secrets Plugin 1.0.11 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...
CVE-2022-25190
A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-25190
A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-25190
A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-25190
CVE-2022-25190 – Jenkins Conjur Secrets Plugin has a missing permission check in an HTTP endpoint for versions 1.0.11 and earlier, allowing attackers with Overall/Read permission to enumerate credentials IDs stored in Jenkins. The issue could enable credential enumeration and facilitate further a...
PT-2022-17130 · Jenkins · Jenkins Conjur Secrets Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Conjur Secrets Plugin versions 1.0.11 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. This can be done...
Jenkins plugin permissions, privileges and access control vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins Conjur Secrets Plugin 1.0.11 and earlier versions are vulnerable to an authorization issue that stems from not...
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows retrieving all credentials
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller...
GHSA-CW68-XMM4-C83R Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows retrieving all credentials
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller...
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method...
GHSA-G7FX-MMJC-R7GV Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method...
CVE-2022-23116
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method...
CVE-2022-23117
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller...
CVE-2022-23116
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method...