logo

Database

Excessive privileges In com.datapipe.jenkins.plugins:hashicorp-vault-plugin

Description

Jenkins HashiCorp Vault Plugin exposes system-scoped Vault credentials Jenkins HashiCorp Vault Plugin 371.v884a_4dd60fb_6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. CVE-2025-676422. NVD-2025-676423. OSV-2025-676424. GCVE-2025-67642

References

1. https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3045

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.