VYPR
Moderate severity · NVD Advisory · Published Feb 15, 2022 · Updated Aug 3, 2024

CVE-2022-25197

Description

Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier lets agent processes read arbitrary files on the Jenkins controller, leading to credential exposure.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system [1]. This capability is available without proper access control, enabling any agent process to access sensitive files on the controller.

Exploitation

An attacker who can control or configure an agent process (e.g., with Agent/Configure permission) can exploit this vulnerability by using the plugin's file-reading functionality to read arbitrary files from the Jenkins controller. The attacker does not require any additional privileges beyond those needed to control an agent process [1].

Impact

Successful exploitation allows an attacker to read arbitrary files on the Jenkins controller, potentially exposing sensitive information such as credentials, secrets, configuration files, and other confidential data stored on the controller's file system. This can lead to further compromise of the Jenkins environment and connected systems [1].

Mitigation

Upgrade to HashiCorp Vault Plugin version 351.vdb_f83a_1c6a_9d or later, released on 2022-02-15 [4]. No known workaround is available; the only mitigation is to apply the fixed version [1]. Users of versions earlier than 351.vdb_f83a_1c6a_9d should upgrade immediately.
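The mitigation above is a version floor, so the practical check on an existing controller is to read the installed plugin version and compare it against 351.vdb_f83a_1c6a_9d. The following is an added example (not part of this advisory or of the plugin project) that does that comparison over the JSON Jenkins returns from `/pluginManager/api/json?depth=1`; the plugin list embedded below is a constructed sample, and `version_key` is a deliberately simplified approximation of Jenkins's own `hudson.util.VersionNumber` ordering that only looks at the leading numeric components, which is sufficient for a lower-bound check of this kind.

```python
import json
import re

# Values taken from the advisory: the plugin's short name and the first fixed version.
PLUGIN_SHORT_NAME = "hashicorp-vault-plugin"
PATCHED_VERSION = "351.vdb_f83a_1c6a_9d"
CVE_ID = "CVE-2022-25197"

# Constructed sample of a /pluginManager/api/json?depth=1 response,
# trimmed to the fields this check uses.
SAMPLE_PLUGIN_LIST = json.dumps({
    "plugins": [
        {"shortName": "hashicorp-vault-plugin", "version": "336.v182c0fbaaeb7", "active": True},
        {"shortName": "credentials", "version": "1112.vc87b_7a_3597f6", "active": True},
    ]
})

_NUMERIC = re.compile(r"^\d+$")


def version_key(version: str) -> tuple:
    """Return the leading numeric components of a Jenkins plugin version.

    Jenkins orders plugin versions token by token; for an incrementals
    version such as 336.v182c0fbaaeb7 the leading integer is what orders
    it and the .v<hash> suffix only identifies the build. Older dotted
    versions such as 3.8.0 simply yield more numeric components.
    (Assumption: this simplification is enough for a "< fixed" check.)
    """
    parts = []
    for token in re.split(r"[.\-_]", version):
        if _NUMERIC.match(token):
            parts.append(int(token))
        else:
            break
    return tuple(parts)


def is_affected(installed: str, patched: str = PATCHED_VERSION) -> bool:
    """True when the installed version sorts strictly below the patched one."""
    return version_key(installed) < version_key(patched)


def find_vulnerable_plugins(plugin_list_json: str) -> list:
    """Scan a plugin-manager JSON document and report affected installs."""
    data = json.loads(plugin_list_json)
    findings = []
    for plugin in data.get("plugins", []):
        if plugin.get("shortName") != PLUGIN_SHORT_NAME:
            continue
        installed = plugin.get("version", "")
        if is_affected(installed):
            findings.append({
                "cve": CVE_ID,
                "plugin": PLUGIN_SHORT_NAME,
                "installed": installed,
                "fixed_in": PATCHED_VERSION,
            })
    return findings


if __name__ == "__main__":
    for f in find_vulnerable_plugins(SAMPLE_PLUGIN_LIST):
        print(f"{f['cve']}: {f['plugin']} {f['installed']} is affected; "
              f"upgrade to {f['fixed_in']} or later")
```

To run it against a live controller, replace `SAMPLE_PLUGIN_LIST` with the body of an authenticated GET to `<jenkins-url>/pluginManager/api/json?depth=1`; the comparison itself does not depend on the source of the JSON.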

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven)
Affected versions: < 351.vdb_f83a_1c6a_9d
Patched versions: 351.vdb_f83a_1c6a_9d

Affected products (2)

Patches (1)
c564958154e5

fixes SECURITY-2521 (#221)

https://github.com/jenkinsci/hashicorp-vault-plugin · Joseph Petersen · Jul 12, 2022 · via ghsa
1 file changed · +3 −20
  • src/main/java/com/datapipe/jenkins/vault/credentials/VaultTokenFileCredential.java · +3 −20 · modified
    @@ -6,12 +6,10 @@
     import edu.umd.cs.findbugs.annotations.CheckForNull;
     import edu.umd.cs.findbugs.annotations.NonNull;
     import hudson.Extension;
    -import hudson.FilePath;
    -import hudson.remoting.VirtualChannel;
     import java.io.File;
     import java.io.IOException;
    +import java.nio.charset.StandardCharsets;
     import org.apache.commons.io.FileUtils;
    -import org.jenkinsci.remoting.RoleChecker;
     import org.kohsuke.stapler.DataBoundConstructor;
     
     public class VaultTokenFileCredential extends AbstractVaultTokenCredential {
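Review bot: dropping `hudson.FilePath`, `hudson.remoting.VirtualChannel` and `org.jenkinsci.remoting.RoleChecker` from the imports means this credential class no longer defines anything that travels over the remoting channel, which is the right shape for a controller-side secret; before merging, it is worth grepping the rest of the plugin for other `FilePath.FileCallable` implementations whose `checkRoles` is an empty method, since any such callable would carry the same SECURITY-2521 exposure this commit removes here.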
    @@ -28,24 +26,9 @@ public VaultTokenFileCredential(@CheckForNull CredentialsScope scope, @CheckForN
     
         @Override
         public String getToken(Vault vault) {
    -        FilePath file = new FilePath(new File(filepath));
             try {
    -            return file.act(new FilePath.FileCallable<String>() {
    -                @Override
    -                public void checkRoles(RoleChecker roleChecker) throws SecurityException {
    -                    //not needed
    -                }
    -
    -                @Override
    -                public String invoke(File f, VirtualChannel channel) {
    -                    try {
    -                        return FileUtils.readFileToString(f);
    -                    } catch (IOException e) {
    -                        throw new RuntimeException(e);
    -                    }
    -                }
    -            }).trim();
    -        } catch (IOException | InterruptedException e) {
    +            return FileUtils.readFileToString(new File(filepath), StandardCharsets.UTF_8);
    +        } catch (IOException e) {
                 throw new VaultPluginException("Failed to read token from file", e);
             }
         }
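Review bot: the `.trim()` applied to the result of the old `file.act(...)` call is lost in the replacement `return FileUtils.readFileToString(new File(filepath), StandardCharsets.UTF_8);`, so a token file that ends in a newline now yields a token with the newline attached; suggest `FileUtils.readFileToString(new File(filepath), StandardCharsets.UTF_8).trim()` to keep the previous behaviour. Narrowing the catch from `IOException | InterruptedException` to `IOException` is correct now that no remoting call remains. A one-line comment above the read stating that the file is intentionally read on the controller only (the SECURITY-2521 fix) would help stop a later change from reintroducing a FileCallable with a no-op `checkRoles`.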
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References (5)

News mentions (1)