cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-33001,https://securityvulnerability.io/vulnerability/CVE-2023-33001,Credential Exposure in Jenkins HashiCorp Vault Plugin,"The Jenkins HashiCorp Vault Plugin fails to adequately mask sensitive credentials in the build log when durable task logging is activated in push mode. This oversight can potentially expose sensitive information, leading to security risks, especially in multi-user environments where logs may be accessible by unauthorized personnel.",Jenkins,Jenkins Hashicorp Vault Plugin,7.5,HIGH,0.0011599999852478504,false,,false,false,false,,,false,false,,2023-05-16T17:15:00.000Z,0
CVE-2022-36888,https://securityvulnerability.io/vulnerability/CVE-2022-36888,Missing Permission Check in Jenkins Vault Plugin Exposes Sensitive Data,"A significant vulnerability exists in the Jenkins HashiCorp Vault Plugin which fails to enforce proper permissions. This flaw allows users with Overall/Read permission to exploit the system and gain unauthorized access to credentials stored in the Vault. By specifying paths and keys, attackers can retrieve sensitive data, compromising the security of the Jenkins environment.",Jenkins,Jenkins Hashicorp Vault Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-07-27T14:22:14.000Z,0
CVE-2022-25197,https://securityvulnerability.io/vulnerability/CVE-2022-25197,File Reading Vulnerability in Jenkins HashiCorp Vault Plugin,"The Jenkins HashiCorp Vault Plugin prior to version 336.v182c0fbaaeb7 allows misconfigurations that enable agent processes to access sensitive files from the Jenkins controller file system. This can lead to unauthorized exposure of critical information, significantly increasing the risk of data breaches and system compromise.",Jenkins,Jenkins Hashicorp Vault Plugin,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-02-15T16:11:28.000Z,0
CVE-2022-25186,https://securityvulnerability.io/vulnerability/CVE-2022-25186,Jenkins HashiCorp Vault Plugin Allows Agent Processes to Retrieve Sensitive Secrets,"The Jenkins HashiCorp Vault Plugin, in versions 3.8.0 and earlier, has a vulnerability that allows agent processes to access sensitive Vault secrets. This security flaw enables attackers who can control these agent processes to retrieve secrets from an arbitrary path and key in the Vault, posing a significant risk to sensitive information stored within the environment.",Jenkins,Jenkins Hashicorp Vault Plugin,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-02-15T16:11:11.000Z,0
CVE-2022-23109,https://securityvulnerability.io/vulnerability/CVE-2022-23109,Jenkins HashiCorp Vault Plugin Vulnerability Affects Log Security,"The Jenkins HashiCorp Vault Plugin, up to version 3.7.0, does not adequately mask Vault credentials in Pipeline build logs and Pipeline step descriptions when used alongside Pipeline: Groovy Plugin 2.85 or later. This oversight can lead to sensitive information being inadvertently exposed, putting the integrity and confidentiality of secret management processes at risk. Organizations using this plugin should take immediate steps to secure their environments and monitor logs for any unintended credential disclosures.",Jenkins,Jenkins Hashicorp Vault Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-01-12T19:06:09.000Z,0