Описание
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin
Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key.
Пакеты
Наименование
com.datapipe.jenkins.plugins:hashicorp-vault-plugin
maven
Затронутые версииВерсия исправления
<= 3.8.0
336.v182c0fbaaeb7
Связанные уязвимости
CVSS3: 6.5
nvd
почти 4 года назад
Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key.