CVE-2025-67642
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-10

Last updated on: 2025-12-17

Assigner: Jenkins Project

Description
Jenkins HashiCorp Vault Plugin 371.v884a_4dd60fb_6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-10
Last Modified
2025-12-17
Generated
2026-06-16
AI Q&A
2025-12-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-67642
EUVD
EUVD-2025-202450
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jenkins hashicorp_vault to 371.v884a_4dd60fb_6 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-282 The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Jenkins HashiCorp Vault Plugin version 371.v884a_4dd60fb_6 and earlier, where the plugin does not set the appropriate context for Vault credentials lookup. This flaw allows attackers who have Item/Configure permission to access and potentially capture Vault credentials that they should not be entitled to.

Impact Analysis

The vulnerability can lead to unauthorized access to Vault credentials by attackers with Item/Configure permission. This means sensitive credentials stored in Vault could be exposed or captured by unauthorized users, potentially leading to further security breaches or misuse of privileged information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67642. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart