Jenkins HashiCorp Vault Plugin: Unauthorized Retrieval of Vault Secrets by Agent Processes
CVE-2022-25186 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key.
Learn more about our Web Application Penetration Testing UK.