Jenkins Conjur Secrets Plugin: Agent Process Control Vulnerability

Jenkins Conjur Secrets Plugin: Agent Process Control Vulnerability

CVE-2022-23116 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.

Learn more about our Web Application Penetration Testing UK.