Vulnerability in Jenkins Hashicorp_vault

CVE-2022-25186

Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an att…

EPSS: 0.008 (51.9th percentile).

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Frequently asked questions

What is CVE-2022-25186?
CVE-2022-25186 is a medium-severity vulnerability in Jenkins Hashicorp_vault. CVSS score: 6.5/10. Published 2022-02-15.
How severe is CVE-2022-25186?
Medium severity. CVSS v3 base score is 6.5 out of 10.