CVE-2022-25186 is a vulnerability in Jenkins Hashicorp Vault
Published on February 15, 2022
Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key.
Products Associated with CVE-2022-25186
Want to know whenever a new CVE is published for Jenkins Hashicorp Vault? stack.watch will email you.
Affected Versions
Jenkins project Jenkins HashiCorp Vault Plugin:- Version unspecified, <= 3.8.0 is affected.
Exploit Probability
EPSS
0.07%
Percentile
22.26%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.