CVE-2022-25186medium
Description
Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key.
References
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2429
Details
Source: MITRE
Published: 2022-02-15
Updated: 2022-02-23
Type: NVD-CWE-noinfo
Risk Information
CVSS v2
Base Score: 4
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 8
Severity: MEDIUM
CVSS v3
Base Score: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 2.8
Severity: MEDIUM