CVE-2022-25197 — Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin allows rea

Description

Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. This allows attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. This vulnerability is only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. See the [LTS upgrade guide](https://www.jenkins.io/doc/upgrade-guide/2.303/#upgrading-to-jenkins-lts-2-303-3).

How to fix CVE-2022-25197

To remediate CVE-2022-25197, upgrade the affected package to a fixed version below.

—upgrade to 351.vdb_f83a_1c6a_9d or later

Is CVE-2022-25197 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 351.vdb_f83a_1c6a_9d

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-25197
PATCHgithub.com/jenkinsci/hashicorp-vault-plugin
WEBgithub.com/jenkinsci/hashicorp-vault-plugin/commit/c564958154e5b2eccb2423b0aaabd01b928f71fc
WEBgithub.com/jenkinsci/hashicorp-vault-plugin/releases/tag/351.vdb_f83a_1c6a_9d