Lucene search

K
cve[email protected]CVE-2022-36888
HistoryJul 27, 2022 - 3:15 p.m.

CVE-2022-36888

2022-07-2715:15:09
CWE-862
web.nvd.nist.gov
52
5
cve-2022-36888
jenkins
hashicorp vault plugin
permission check
credentials
security vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

28.6%

A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys.

Affected configurations

NVD
Node
jenkinshashicorp_vaultRange354.vdb_858fd6b_f48jenkins

CNA Affected

[
  {
    "product": "Jenkins HashiCorp Vault Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "354.vdb_858fd6b_f48",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

28.6%