ID CVE-2022-25186
Summary Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key.
References
Vulnerable Configurations
  • cpe:2.3:a:jenkins:hashicorp_vault:1.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:1.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:1.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:1.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:1.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:1.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:1.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:1.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:1.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:1.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:2.0.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:2.0.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:2.0.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:2.0.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:2.1.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:2.1.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:2.1.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:2.1.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:2.2.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:2.2.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:2.3.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:2.3.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:2.3.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:2.3.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:2.4.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:2.4.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:2.5.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:2.5.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:3.0.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:3.0.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:3.4.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:3.4.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:3.4.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:3.4.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:3.5.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:3.5.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:3.6.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:3.6.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:3.6.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:3.6.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:3.7.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:3.7.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:3.8.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:3.8.0:*:*:*:*:jenkins:*:*
CVSS
Base: 4.0 (as of 23-02-2022 - 21:14)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
Last major update 23-02-2022 - 21:14
Published 15-02-2022 - 17:15
Last modified 23-02-2022 - 21:14
Back to Top