PT-2023-19589 · Jenkins · Jenkins Semantic Versioning Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Semantic Versioning Plugin versions 1.14 and earlier Description: The issue allows attackers who can control agent processes to have Jenkins parse a crafted file, potentially leading to the extraction of secrets from the Jenkins...

CVE-2022-25186

Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key...