CVE-2022-25197

Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
jenkinsCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
VendorProductVersion
jenkinshashicorp_vault
𝑥
≤ 336.v182c0fbaaeb7
𝑥
= Vulnerable software versions
References
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2521
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2521