Vulnerability in Jenkins Hashicorp_vault
CVE-2022-25186
Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an att…
EPSS: 0.008 (51.9th percentile).
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Jenkins Hashicorp_vault
- Jenkins Project Hashicorp Vault Plugin — versions unspecified
References
- jenkinsci-cert@googlegroups.com (x_refsource_CONFIRM, Issue Tracking, Vendor Advisory)
Frequently asked questions
- What is CVE-2022-25186?
- CVE-2022-25186 is a medium-severity vulnerability in Jenkins Hashicorp_vault. CVSS score: 6.5/10. Published 2022-02-15.
- How severe is CVE-2022-25186?
- Medium severity. CVSS v3 base score is 6.5 out of 10.