4.2

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-36888

GHSA ID

GHSA-vpf7-q2rx-26mh

EPSS Score

0.61782%

CWE

CWE-862

Published

7/28/2022

Updated

1/5/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-36888

CVE-2022-36888: Jenkins HashiCorp Vault Plugin does not perform permission checks in several HTTP endpoints that perform Vault connection tests

A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys.

(GitHub Advisory)

4.2

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-36888

GHSA ID

GHSA-vpf7-q2rx-26mh

EPSS Score

0.61782%

CWE

CWE-862

Published

7/28/2022

Updated

1/5/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
com.datapipe.jenkins.plugins:hashicorp-vault-plugin	maven	<= 354.vdb	355.v3b_38d767a_b_a_8

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from missing Jenkins.ADMINISTER permission checks in 'doTestConnection' methods across multiple credential implementations. These methods handle HTTP endpoints for Vault connection testing. The commit 3b38d76 explicitly adds Jenkins.get().checkPermission(Jenkins.ADMINISTER) to all these methods, confirming they were the attack surface. The CWE-862 (Missing Authorization) maps directly to the absence of these checks, allowing attackers with lower privileges to exploit the endpoints. The Jelly UI changes further support this by hiding test buttons from non-admins, but the core vulnerability was in the backend authorization logic.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* missin* p*rmission ****k in J*nkins **s*i*orp V*ult Plu*in ***.v**_*******_*** *n* **rli*r *llows *tt**k*rs wit* Ov*r*ll/R*** p*rmission to o*t*in *r***nti*ls stor** in V*ult wit* *tt**k*r-sp**i*i** p*t* *n* k*ys.

Reasoning

T** vuln*r**ility st*mm** *rom missin* `J*nkins.**MINIST*R` p*rmission ****ks in '*oT*st*onn**tion' m*t*o*s **ross multipl* *r***nti*l impl*m*nt*tions. T**s* m*t*o*s **n*l* *TTP *n*points *or V*ult *onn**tion t*stin*. T** *ommit ******* *xpli*itly **

4.2

Basic Information

Concerned about an active attack path?

CVE-2022-36888: Jenkins HashiCorp Vault Plugin does not perform permission checks in several HTTP endpoints that perform Vault connection tests

4.2

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI