com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package com.datapipe.jenkins.plugins:hashicorp-vault-plugin, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2023-33001 — CVSS 7.5 (high): Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the…
CVE-2022-23109 — CVSS 6.5 (medium): Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions…
CVE-2022-25186 — CVSS 6.5 (medium): Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use…
CVE-2022-25197 — CVSS 6.5 (medium): Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files…
CVE-2022-36888 — CVSS 6.5 (medium): A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows attackers with Overall/Read permission…
CVE-2025-67642 — CVSS 4.3 (medium): Jenkins HashiCorp Vault Plugin 371.v884a_4dd60fb_6 and earlier does not set the appropriate context for Vault credentials lookup, allowing…