What is the severity of CVE-2022-25197?

CVE-2022-25197 has a high severity level due to the potential for unauthorized file access on the Jenkins controller.

How do I fix CVE-2022-25197?

To remediate CVE-2022-25197, update the Jenkins HashiCorp Vault Plugin to version 351.vdb_f83a_1c6a_9d or later.

What types of systems are affected by CVE-2022-25197?

CVE-2022-25197 affects Jenkins installations using the HashiCorp Vault Plugin version 336.v182c0fbaaeb7 or earlier.

What can attackers do with CVE-2022-25197?

Attackers could exploit CVE-2022-25197 to read arbitrary files from the Jenkins controller's file system.

Is CVE-2022-25197 exploitable remotely?

Yes, CVE-2022-25197 can be exploited remotely if an attacker has access to Jenkins agent processes.

Vulnerability/
CVE-2022-25197

medium

6.5

CWE

693

15/2/2022

16/2/2022

3/8/2024

CVE-2022-25197

First published: Tue Feb 15 2022(Updated: )

Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.

Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com

Affected Software	Affected Version	How to fix
maven/com.datapipe.jenkins.plugins:hashicorp-vault-plugin	<=336.v182c0fbaaeb7	351.vdb_f83a_1c6a_9d
HashiCorp Vault	<=336.v182c0fbaaeb7

Remedy

https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2521

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-25197?
CVE-2022-25197 has a high severity level due to the potential for unauthorized file access on the Jenkins controller.
How do I fix CVE-2022-25197?
To remediate CVE-2022-25197, update the Jenkins HashiCorp Vault Plugin to version 351.vdb_f83a_1c6a_9d or later.
What types of systems are affected by CVE-2022-25197?
CVE-2022-25197 affects Jenkins installations using the HashiCorp Vault Plugin version 336.v182c0fbaaeb7 or earlier.
What can attackers do with CVE-2022-25197?
Attackers could exploit CVE-2022-25197 to read arbitrary files from the Jenkins controller's file system.
Is CVE-2022-25197 exploitable remotely?
Yes, CVE-2022-25197 can be exploited remotely if an attacker has access to Jenkins agent processes.

collector/github-advisory-latest
alias/GHSA-2587-w93g-63m2
alias/CVE-2022-25197
collector/github-advisory
agent/type
agent/remedy
agent/author
agent/weakness
agent/severity
agent/references
agent/softwarecombine
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/trending
agent/source
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-api
collector/nvd-index
package-manager/maven
vendor/jenkins
canonical/hashicorp vault
version/hashicorp vault/336.v182c0fbaaeb7

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.