Lucene search

[email protected]CVE-2022-25197

HistoryFeb 15, 2022 - 5:15 p.m.

CVE-2022-25197

2022-02-1517:15:10

[email protected]

web.nvd.nist.gov

cve-2022-25197

jenkins

hashicorp vault plugin

file system

security vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

28.2%

JSON

Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.

Affected configurations

NVD

Node

jenkinshashicorp_vaultRange≤336.v182c0fbaaeb7jenkins

CPENameOperatorVersion
jenkins:hashicorp_vaultjenkins hashicorp vaultle336.v182c0fbaaeb7

CPE	Name	Operator	Version
jenkins:hashicorp_vault	jenkins hashicorp vault	le	336.v182c0fbaaeb7

CNA Affected

[
  {
    "product": "Jenkins HashiCorp Vault Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "336.v182c0fbaaeb7",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 336.v182c0fbaaeb7",
        "versionType": "custom"
      }
    ]
  }
]