Vulnerabilities

CVE-2022-25186

by Fred · 15/02/2022

Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key.

Date published : 2022-02-15

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2429

http://www.openwall.com/lists/oss-security/2022/02/15/2

Similar

Tags: Cybersecurity Alert