Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller.
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Conjur_secrets | Jenkins | * | 1.0.9 (including) |