Security
Headlines

Headlines Latest CVEs

Headline

GHSA-3fm2-hx3h-xm4v: Jenkins HashiCorp Vault Plugin exposes system-scoped Vault credentials

Jenkins HashiCorp Vault Plugin 371.v884a_4dd60fb_6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to.

1 day ago

#git #java #intel #maven

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewIntegrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-67642

Jenkins HashiCorp Vault Plugin exposes system-scoped Vault credentials

Moderate severity GitHub Reviewed Published Dec 10, 2025 to the GitHub Advisory Database • Updated Dec 10, 2025

Package

maven com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven)

Description

Published to the GitHub Advisory Database

Dec 10, 2025

Last updated

Dec 10, 2025

EPSS score

ghsa: Latest News

GHSA-qgc4-8p88-4w7m: Servify-express rate limit issue

4 hours ago

GHSA-9449-rphm-mjqr: AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE

5 hours ago

GHSA-fw33-qpx7-rhx2: Vulnerability discovered in gardenctl versions < v2.12.0

6 hours ago

GHSA-g754-hx8w-x2g6: quic-go HTTP/3 QPACK Header Expansion DoS

6 hours ago

GHSA-8xqm-6fj2-hfgf: PowerJob has a server-side request forgery vulnerability in PingPongUtils.java

7 hours ago