CVE-2022-25186

Summary

Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins HashiCorp Vault Pluginunspecified <= 3.8.0affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References