
CVE-2022-25186: Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin

CVSS Score: 3.1

Basic Information

EPSS Score: 0.69182%
Published: 2/16/2022
Updated: 2/3/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Package Name                                          Ecosystem   Vulnerable Versions   First Patched Version
com.datapipe.jenkins.plugins:hashicorp-vault-plugin   maven       <= 3.8.0              336.v182c0fbaaeb7

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from agent processes being able to request Vault secrets directly from the controller. Jenkins plugins typically implement agent-to-controller communication via RPC, where agent-side stubs invoke controller-side methods. The advisory indicates that the patched version removed this functionality, suggesting that the vulnerable functions were controller-side secret retrieval methods that:

1) accepted arbitrary path/key parameters from agents;
2) lacked proper authorization checks;
3) were part of the Vault integration logic.

The high-confidence entry reflects the core secret retrieval plumbing, while the medium-confidence entry represents a deeper implementation detail inferred from typical plugin architecture.


WAF Protection Rules

WAF Rule

Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-speci
