CVE-2022-25186
LOW3.1EPSS 0.07%Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin
發布日:2022/2/16修改日:2023/11/8
描述
Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key.
受影響套件(1)
- Maven/com.datapipe.jenkins.plugins:hashicorp-vault-pluginfrom 0, < 336.v182c0fbaaeb7
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | LOW3.1 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |