CNNVD-202512-1954 Information

CNNVD ID

CNNVD-202512-1954

Related CVE

CVE-2025-67642

• CNNVD Published: 2025-12-10

Description (Chinese)

Jenkins HashiCorp Vault Plugin是Jenkins开源的一个插件。 Jenkins Plugin HashiCorp Vault 371.v884a_4dd60fb_6及之前版本存在安全漏洞，该漏洞源于未设置适当的Vault凭据查找上下文，可能导致访问未授权的Vault凭据。

Description (English)

Jenkins HashiCorp Vault Plugin is an open-source plugin for Jenkins. Jenkins Plugin HashiCorp Vault 371.v884a 4dd60fb 6 and previous versions contain a security loophole stemming from the failure to set up an appropriate Vault reference to the context, which could lead to access to unauthorized Vault certificates.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Jenkins

Published

2025-12-10

Last Modified

2026-02-24

References

https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3045 https://vigilance.fr/vulnerability/Jenkins-Plugins-multiple-vulnerabilities-dated-10-12-2025-49059

Patch

https://plugins.jenkins.io/hashicorp-vault-plugin/