CVE-2022-25186

CVSS v3.1 6.5 (Medium)

CVSS v2.0 4 (Medium)

EPSS 0.06 % (28^th)

Affected Products 1

Advisories 2

Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key.

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
CNA: Jenkins Project
Published Date: 2022-02-15 17:15:09
(2 years ago)
Updated Date: 2023-11-15 03:39:13
(10 months ago)

Affected Products

Jenkins

Hashicorp Vault

Configuration #1

		CPE23	From	Up To
	Jenkins Hashicorp Vault for Jenkins 3.8.0 and prior versions	cpe:2.3:a:jenkins:hashicorp_vault::::::jenkins		<= 3.8.0