PT-2025-50360 · Jenkins · Jenkins Hashicorp Vault Plugin+1

Paul Walker

·

Publicado

2025-12-10

·

Atualizado

2025-12-14

·

CVE-2025-67642

CVSS v3.1

4.3

Média

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions Jenkins HashiCorp Vault Plugin versions 371.v884a 4dd60fb 6 and earlier
Description The Jenkins HashiCorp Vault Plugin does not properly configure the context for Vault credential lookups. This can allow attackers who have Item/Configure permissions to access and potentially obtain Vault credentials that they should not be authorized to view.
Recommendations Update Jenkins HashiCorp Vault Plugin to a version later than 371.v884a 4dd60fb 6.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-282

Identificadores relacionados

BDU:2025-15963
CVE-2025-67642
GHSA-3FM2-HX3H-XM4V

Produtos afetados

Jenkins
Jenkins Hashicorp Vault Plugin