Skip to main content

Hashicorp Vault

2 CVEs product

Monthly

CVE-2023-33001 Maven HIGH This Week

Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Hashicorp Hashicorp Vault
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-36888 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Jenkins Hashicorp Vault
NVD
CVSS 3.1
6.5
EPSS
0.6%
EPSS 1% CVSS 7.5
HIGH This Week

Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Hashicorp +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Jenkins +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy