{"api_version":"1","generated_at":"2026-04-23T06:21:33+00:00","cve":"CVE-2022-25186","urls":{"html":"https://cve.report/CVE-2022-25186","api":"https://cve.report/api/cve/CVE-2022-25186.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-25186","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-25186"},"summary":{"title":"CVE-2022-25186","description":"Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key.","state":"PUBLIC","assigner":"jenkinsci-cert@googlegroups.com","published_at":"2022-02-15 17:15:00","updated_at":"2023-11-15 03:39:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2429","name":"https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2429","refsource":"CONFIRM","tags":["Issue Tracking","Patch","Vendor Advisory"],"title":"Jenkins Security Advisory 2022-02-15","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-25186","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25186","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"25186","vulnerable":"1","versionEndIncluding":"3.8.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"jenkins","cpe5":"hashicorp_vault","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"jenkins","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-25186","qid":"376435","title":"Jenkins Plugins Multiple Security Vulnerabilities (Jenkins Security Advisory 2022-02-15)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-25186","ASSIGNER":"jenkinsci-cert@googlegroups.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Jenkins project","product":{"product_data":[{"product_name":"Jenkins HashiCorp Vault Plugin","version":{"version_data":[{"version_affected":"<=","version_name":"unspecified","version_value":"3.8.0"}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2429","refsource":"MISC","name":"https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2429"}]}},"nvd":{"publishedDate":"2022-02-15 17:15:00","lastModifiedDate":"2023-11-15 03:39:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:jenkins:hashicorp_vault:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"3.8.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}