CVE-2022-25186
MEDIUMJenkins HashiCorp Vault Plugin <3.8.0 - Privilege Escalation
Title source: llmDescription
Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key.
References (1)
Core 1
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2429
Scores
CVSS v3
6.5
EPSS
0.0007
EPSS Percentile
22.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (2)
com.datapipe.jenkins.plugins/hashicorp-vault-plugin
0 - 336.v182c0fbaaeb7Maven
jenkins/hashicorp_vault
< 3.8.0
Published
Feb 15, 2022
Tracked Since
Feb 18, 2026