Main Vulnerability Database Vulnerabilities #VU59610

Information disclosure in Conjur Secrets - CVE-2022-23116

Published: January 14, 2022 / Updated: December 15, 2022

Vulnerability identifier: #VU59610

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-23116

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Conjur Secrets

Software vendor:
Jenkins

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the affected plugin implements functionality that allows agent processes to obtain the plain text of any attacker-provided encrypted secret. A remote attacker can gain unauthorized access to sensitive information on the system.

Remediation

Install update from vendor's website.

External links

https://jenkins.io/security/advisory/2022-01-12/

Information disclosure in Conjur Secrets - CVE-2022-23116

Description

Remediation

External links

Please verify you're human