PT-2025-50360 · Jenkins · Jenkins Hashicorp Vault Plugin+1

Paul Walker

Published

2025-12-10

Updated

2025-12-14

CVE-2025-67642

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Jenkins HashiCorp Vault Plugin versions 371.v884a 4dd60fb 6 and earlier

Description The Jenkins HashiCorp Vault Plugin does not properly configure the context for Vault credential lookups. This can allow attackers who have Item/Configure permissions to access and potentially obtain Vault credentials that they should not be authorized to view.

Recommendations Update Jenkins HashiCorp Vault Plugin to a version later than 371.v884a 4dd60fb 6.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-282

Related Identifiers

BDU:2025-15963

CVE-2025-67642

GHSA-3FM2-HX3H-XM4V

Affected Products

Jenkins

Jenkins Hashicorp Vault Plugin

PT-2025-50360 · Jenkins · Jenkins Hashicorp Vault Plugin+1

CVE-2025-67642

Weakness Enumeration

Related Identifiers

Affected Products

References · 6