Jenkins · Jenkins Hashicorp Vault Plugin · CVE-2025-67642
**Name of the Vulnerable Software and Affected Versions**
Jenkins HashiCorp Vault Plugin versions 371.v884a 4dd60fb 6 and earlier
**Description**
The Jenkins HashiCorp Vault Plugin does not properly configure the context for Vault credential lookups. This can allow attackers who have Item/Configure permissions to access and potentially obtain Vault credentials that they should not be authorized to view.
**Recommendations**
Update Jenkins HashiCorp Vault Plugin to a version later than 371.v884a 4dd60fb 6.