Vulnerability Details: CVE-2022-25197
Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.
Exploit prediction scoring system (EPSS) score for CVE-2022-25197
Probability of exploitation activity in the next 30 days: 0.07%
Percentile, the proportion of vulnerabilities that are scored at or less: ~27%
CVSS scores for CVE-2022-25197
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 | NIST |
References for CVE-2022-25197
- https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2521 Jenkins Security Advisory 2022-02-15 (Issue Tracking; Patch; Vendor Advisory)
Products affected by CVE-2022-25197
- cpe:2.3:a:jenkins:hashicorp_vault:*:*:*:*:*:jenkins:*:*