Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins hashicorp vault vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-33001
Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and previous versions does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
Jenkins Hashicorp Vault
NA
CVE-2022-36888
A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and previous versions allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys.
Jenkins Hashicorp Vault
356
VMScore
CVE-2022-25186
Jenkins HashiCorp Vault Plugin 3.8.0 and previous versions implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key.
Jenkins Hashicorp Vault
356
VMScore
CVE-2022-25197
Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and previous versions implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.
Jenkins Hashicorp Vault
357
VMScore
CVE-2022-23109
Jenkins HashiCorp Vault Plugin 3.7.0 and previous versions does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed.
Jenkins Hashicorp Vault
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started