CVE-2022-25190
First published: Tue Feb 15 2022(Updated: )
A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Conjur Secrets | <=1.0.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this Jenkins Conjur Secrets Plugin vulnerability?
The vulnerability ID of this Jenkins Conjur Secrets Plugin vulnerability is CVE-2022-25190.
What is the title of this vulnerability?
The title of this vulnerability is 'A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.'
What is the affected software?
The affected software is Jenkins Conjur Secrets Plugin version 1.0.11 and earlier.
What is the severity of this vulnerability?
The severity of this vulnerability is medium with a severity value of 4.3.
How can the vulnerability be exploited?
Attackers with Overall/Read permission can exploit this vulnerability to enumerate credentials IDs of credentials stored in Jenkins.
- collector/nvd-index
- collector/nvd-api
- agent/author
- agent/type
- agent/softwarecombine
- agent/remedy
- agent/severity
- agent/weakness
- agent/references
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/jenkins
- canonical/jenkins conjur secrets
- version/jenkins conjur secrets/1.0.11