cvedb.io
CVE-2022-25186
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2022-02-15T17:15:09.410 · Last modified 2026-06-17T04:33:10.250

Summary

Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key.

Affected products

jenkins — hashicorp_vault

Does this affect you?

Add your gear to cvedb and we'll alert you only when jenkins ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.