Vulnerability Description
Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Conjur Secrets | <= 1.0.9 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2022/01/12/6 (Mailing List, Third Party Advisory)
- https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20%281%29 (Vendor Advisory)
FAQ
What is CVE-2022-23116?
CVE-2022-23116 is a vulnerability with a CVSS score of 7.5 (HIGH). Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.
How severe is CVE-2022-23116?
CVE-2022-23116 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-23116?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Conjur Secrets.