Jenkins Hashicorp Vault — known CVE vulnerabilities
Every CVE whose affected-product data names Jenkins Hashicorp Vault, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2023-33001 — CVSS 7.5 (high): Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the…
CVE-2022-23109 — CVSS 6.5 (medium): Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions…
CVE-2022-25186 — CVSS 6.5 (medium): Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use…
CVE-2022-25197 — CVSS 6.5 (medium): Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files…
CVE-2022-36888 — CVSS 6.5 (medium): A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows attackers with Overall/Read permission…
CVE-2025-67642 — CVSS 4.3 (medium): Jenkins HashiCorp Vault Plugin 371.v884a_4dd60fb_6 and earlier does not set the appropriate context for Vault credentials lookup, allowing…