CVE Vulnerabilities

CVE-2022-25197

Published: Feb 15, 2022 | Modified: Feb 23, 2022
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.

Affected Software

Name Vendor Start Version End Version
Hashicorp_vault Jenkins * 336.v182c0fbaaeb7

References