Filtered by vendor Jenkins Subscriptions
Filtered by product Conjur Secrets Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-25190 1 Jenkins 1 Conjur Secrets 2024-10-15 4.3 Medium
A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2022-23117 1 Jenkins 1 Conjur Secrets 2024-08-03 7.5 High
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller.
CVE-2022-23116 1 Jenkins 1 Conjur Secrets 2024-08-03 7.5 High
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.