Vulnerabilities > Jenkins > Conjur Secrets

DATE CVE VULNERABILITY TITLE RISK
2022-02-15 CVE-2022-25190 Missing Authorization vulnerability in Jenkins Conjur Secrets
A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3
2022-01-12 CVE-2022-23116 Missing Encryption of Sensitive Data vulnerability in Jenkins Conjur Secrets
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.
network
low complexity
jenkins CWE-311
7.5
2022-01-12 CVE-2022-23117 Insufficiently Protected Credentials vulnerability in Jenkins Conjur Secrets
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller.
network
low complexity
jenkins CWE-522
7.5