CVE-2022-25197
Description
Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.101
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2022-25197 are fixed in Jenkins - hashicorp-vault-plugin 351.vdb_f83a_1c6a_9d | Windows |
| Vulnerabilities CVE-2022-25197 are fixed in Jenkins - hashicorp-vault-plugin for Linux 351.vdb_f83a_1c6a_9d | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234