2 matches found
Jenkins HashiCorp Vault Plugin exposes system-scoped Vault credentials
Jenkins HashiCorp Vault Plugin 371.v884a4dd60fb6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to...
Jenkins 安全漏洞
Jenkins Plugin is an open source application for Jenkins. A security vulnerability exists in Jenkins Plugin HashiCorp Vault Plugin 3.7.0 that stems from the fact that Jenkins HashiCorp Vault Plugin 3.7.0 or earlier does not block the pipeline when Pipeline: Groovy Plugin 2.85 or later is installe...