Vulnerability in Jenkins HashiCorp Vault Plugin Allows Unauthorized Access to Credentials
CVE-2025-67642

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Hashicorp Vault Plugin
Vendor: CVE Published:; 10 December 2025

What is CVE-2025-67642?

The Jenkins HashiCorp Vault Plugin, specifically version 371.v884a_4dd60fb_6 and earlier, exhibits a significant access control flaw. It fails to properly set the context needed for looking up Vault credentials, which permits users with Item/Configure permissions to access Vault credentials that should be restricted. This unauthorized access can lead to exploitation, allowing attackers to capture sensitive credentials potentially compromising the integrity and security of the Jenkins environment. Organizations using this plugin are advised to review their permission settings and upgrade to the fixed version to mitigate this issue.

Affected Version(s)

Jenkins HashiCorp Vault Plugin 0 <= 371.v884a_4dd60fb_6

References

https://www.jenkins.io/security/advisory/2025-12-10/#SECU...

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 10, 2025
Vulnerability Reserved
Dec 9, 2025

JSON