Jenkins Hashicorp_vault
6 CVEs affecting Jenkins Hashicorp_vault. Latest disclosed: 2025-12-10. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-33001 | High | 7.5 | 2023-05-16 | Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode… |
CVE-2022-36888 | Medium | 6.5 | 2022-07-27 | A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows attackers with Overall/Read permission to obtain credential… |
CVE-2022-25197 | Medium | 6.5 | 2022-02-15 | Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins contro… |
CVE-2022-25186 | Medium | 6.5 | 2022-02-15 | Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allow… |
CVE-2022-23109 | Medium | 6.5 | 2022-01-12 | Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy… |
CVE-2025-67642 | Medium | 4.3 | 2025-12-10 | Jenkins HashiCorp Vault Plugin 371.v884a_4dd60fb_6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/… |