ID CVE-2022-25197
Summary Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.
References
Vulnerable Configurations
  • cpe:2.3:a:jenkins:hashicorp_vault:1.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:1.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:1.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:1.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:1.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:1.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:1.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:1.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:1.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:1.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:2.0.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:2.0.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:2.0.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:2.0.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:2.1.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:2.1.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:2.1.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:2.1.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:2.2.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:2.2.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:2.3.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:2.3.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:2.3.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:2.3.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:2.4.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:2.4.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:2.5.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:2.5.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:3.0.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:3.0.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:3.4.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:3.4.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:3.4.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:3.4.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:3.5.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:3.5.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:3.6.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:3.6.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:3.6.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:3.6.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:3.7.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:3.7.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:3.8.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:3.8.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:hashicorp_vault:336.v182c0fbaaeb7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:hashicorp_vault:336.v182c0fbaaeb7:*:*:*:*:jenkins:*:*
CVSS
Base: 4.0 (as of 23-02-2022 - 19:28)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
Last major update 23-02-2022 - 19:28
Published 15-02-2022 - 17:15
Last modified 23-02-2022 - 19:28
Back to Top