CVE-2022-25197

EUVD-2022-0757
Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Affected Products (NVD)
VendorProductVersion
jenkinshashicorp_vault
𝑥
≤ 336.v182c0fbaaeb7
𝑥
= Vulnerable software versions
References
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2521
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2521