WordPress Two-factor authentication (formerly IP Vault) plugin <= 2.1 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin IP Vault – WP Firewall versions = 2.1...

CVE-2022-23109

Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed...

CVE-2025-67642

Jenkins HashiCorp Vault Plugin 371.v884a4dd60fb6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to...

Improper Credential Access Control

Jenkins HashiCorp Vault Plugin is vulnerable to an Improper Credential Access Control. The vulnerability is due to failure to set the correct context during Vault credential lookups, where attackers with only Item/Configure permission can trick the plugin into returning Vault credentials outside...

GHSA-3FM2-HX3H-XM4V Jenkins HashiCorp Vault Plugin exposes system-scoped Vault credentials

Jenkins HashiCorp Vault Plugin 371.v884a4dd60fb6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to...

Jenkins HashiCorp Vault Plugin exposes system-scoped Vault credentials

Jenkins HashiCorp Vault Plugin 371.v884a4dd60fb6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to...

CVE-2025-67642

Jenkins HashiCorp Vault Plugin 371.v884a4dd60fb6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to...

CVE-2025-67642

Jenkins HashiCorp Vault Plugin 371.v884a4dd60fb6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to...

CVE-2025-67642

Jenkins HashiCorp Vault Plugin 371.v884a4dd60fb6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to...

CVE-2025-67642

Jenkins HashiCorp Vault Plugin 371.v884a4dd60fb6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to...

CVE-2025-67642

Jenkins HashiCorp Vault Plugin 371.v884a4dd60fb6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to...

CVE-2025-67642

The CVE-2025-67642 affects the Jenkins HashiCorp Vault Plugin versions 371.v884a_4dd60fb_6 and earlier. Root cause: the plugin does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials t...

Jenkins HashiCorp Vault Plugin 安全漏洞

Jenkins HashiCorp Vault Plugin is an open source plugin for Jenkins. A security vulnerability exists in Jenkins Plugin HashiCorp Vault 371.v884a4dd60fb6 and prior versions, which stems from a failure to set up the proper Vault credential lookup context, which could result in access to unauthorize...

Jenkins plugins Multiple Vulnerabilities (2025-12-10)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage result...

EUVD-2024-40459

Malicious code in bioql PyPI...

Arbitrary Code Injection

Overview github.com/hashicorp/vault/vault is a tool for securely accessing secrets. Affected versions of this package are vulnerable to Arbitrary Code Injection on the host by exploiting write permissions in the root namespace, creating audit files in the plugin directory, and using the plugin...

CVE-2025-6000 Arbitrary Remote Code Execution via Plugin Catalog Abuse

A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

CVE-2023-30514

Jenkins Azure Key Vault Plugin 187.vacd5fecd198a and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...

CVE-2023-33001

Jenkins HashiCorp Vault Plugin 360.v0a1c04cf807d and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...

CVE-2022-25186

Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key...