pkg:maven/org.jenkins-ci.plugins/hashicorp-vault-plugin

Type maven

Namespace org.jenkins-ci.plugins

Name hashicorp-vault-plugin

Known advisories, vulnerabilities and fixes for org.jenkins-ci.plugins/hashicorp-vault-plugin package.

Repository: https://mvnrepository.com/artifact/org.jenkins-ci.plugins/hashicorp-vault-plugin

Medium 4

Low 1

Type	Version	Distribution	# CVEs	# Advisory ID	Title	Severity	Published
Affected	<= 3.7.0		CVE-2022-23109	JENKINS:SECURITY-2213	Improper credentials masking in `hashicorp-vault-plugin`	medium	2022-01-12T00:00:00 (2 years ago)
Fixed	= 3.8.0		CVE-2022-23109	JENKINS:SECURITY-2213	Improper credentials masking in `hashicorp-vault-plugin`	medium	2022-01-12T00:00:00 (2 years ago)
Affected	<= 3.8.0		CVE-2022-25186	JENKINS:SECURITY-2429	Agent-to-controller security bypass in `hashicorp-vault-plugin`	low	2022-02-15T00:00:00 (2 years ago)
Fixed	= 336.v182c0fbaaeb7		CVE-2022-25186	JENKINS:SECURITY-2429	Agent-to-controller security bypass in `hashicorp-vault-plugin`	low	2022-02-15T00:00:00 (2 years ago)
Affected	<= 336.v182c0fbaaeb7		CVE-2022-25197	JENKINS:SECURITY-2521	Agent-to-controller security bypass in `hashicorp-vault-plugin` allows reading arbitrary files	medium	2022-02-15T00:00:00 (2 years ago)
Affected	<= 354.vdb_858fd6b_f48		CVE-2022-36888	JENKINS:SECURITY-2593	Missing permission checks in `hashicorp-vault-plugin` allow capturing credentials	medium	2022-07-27T00:00:00 (2 years ago)
Fixed	= 355.v3b_38d767a_b_a_8		CVE-2022-36888	JENKINS:SECURITY-2593	Missing permission checks in `hashicorp-vault-plugin` allow capturing credentials	medium	2022-07-27T00:00:00 (2 years ago)
Affected	<= 360.v0a_1c04cf807d		CVE-2023-33001	JENKINS:SECURITY-3077	Improper masking of credentials in `hashicorp-vault-plugin`	medium	2023-05-16T00:00:00 (16 months ago)