CVE-2022-25186

EUVD-2022-0983
Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
Affected Products (NVD)
VendorProductVersion
jenkinshashicorp_vault
𝑥
≤ 3.8.0
𝑥
= Vulnerable software versions
References
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2429
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2429