PT-2022-15859 · Jenkins · Jenkins Conjur Secrets Plugin+1

Daniel Beck · Published 2022-01-12 · Updated 2023-11-30 · CVE-2022-23116

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Jenkins Conjur Secrets Plugin versions 1.0.9 and earlier

Description

The issue allows attackers who can control agent processes to decrypt secrets stored in Jenkins that they have obtained through another method. This is possible due to the implementation of certain functionality in the plugin.

Recommendations

For Jenkins Conjur Secrets Plugin versions 1.0.9 and earlier, update to a version later than 1.0.9 to resolve the issue. As a temporary workaround, consider restricting access to agent processes to minimize the risk of exploitation.

Fix

Missing Encryption of Sensitive Data

Weakness Enumeration

Related Identifiers

CVE-2022-23116
GHSA-G7FX-MMJC-R7GV

Affected Products

Jenkins
Jenkins Conjur Secrets Plugin