
9 matches found

Github Security Blog
added 2025/12/10 6:30 p.m., 5 views

Jenkins HashiCorp Vault Plugin exposes system-scoped Vault credentials

Jenkins HashiCorp Vault Plugin 371.v884a4dd60fb6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to...

CVSS 4.3, AI score 6.8, EPSS 0.00126
Exploits 0, References 3, Affected Software 1
NVD
added 2025/12/10 5:15 p.m., 3 views

CVE-2025-67642

Jenkins HashiCorp Vault Plugin 371.v884a4dd60fb6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to...

CVSS 4.3, EPSS 0.00126
Exploits 0, References 1
Vulnrichment
added 2025/12/10 4:50 p.m., 2 views

CVE-2025-67642

Jenkins HashiCorp Vault Plugin 371.v884a4dd60fb6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to...

AI score 6.4, EPSS 0.00126
Exploits 0, References 1
CVE
added 2025/12/10 4:50 p.m., 578 views

CVE-2025-67642

CVE-2025-67642 affects the Jenkins HashiCorp Vault Plugin, versions 371.v884a_4dd60fb_6 and earlier. Root cause: the plugin does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials t...

CVSS 4.3, AI score 6.4, EPSS 0.00126
Exploits 0, References 1, Affected Software 1
OSV
added 2022/07/27 3:15 p.m., 1 views

CVE-2022-36888

A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb858fd6bf48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys...

CVSS 6.5, AI score 5.8
Exploits 0, References 2
ATTACKERKB
added 2022/07/27 3:15 p.m., 1 views

CVE-2022-36888

A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb858fd6bf48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys...

CVSS 6.5, AI score 5.8, EPSS 0.00218
Exploits 0, References 3
ATTACKERKB
added 2022/02/15 5:15 p.m., 4 views

CVE-2022-25197

Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system...

CVSS 6.5, AI score 6.7, EPSS 0.00101
Exploits 0, References 2
ATTACKERKB
added 2022/02/15 5:15 p.m., 5 views

CVE-2022-25186

Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key...

CVSS 6.5, AI score 6.6, EPSS 0.00074
Exploits 0, References 2
CNNVD
added 2022/01/12 12:0 a.m., 3 views

Jenkins Security Vulnerability

Jenkins Plugin is an open source application for Jenkins. A security vulnerability exists in Jenkins Plugin HashiCorp Vault Plugin 3.7.0 that stems from the fact that Jenkins HashiCorp Vault Plugin 3.7.0 or earlier does not block the pipeline when Pipeline: Groovy Plugin 2.85 or later is installe...

CVSS 6.5, AI score 6.4, EPSS 0.00047
Exploits 0, References 6