Search
Search Results (18 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24425 | 1 Jenkins | 1 Kubernetes Credentials Provider | 2025-04-02 | 6.5 Medium |
| Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to. | ||||
| CVE-2023-30513 | 1 Jenkins | 1 Kubernetes | 2025-02-07 | 7.5 High |
| Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. | ||||
| CVE-2022-27211 | 1 Jenkins | 1 Kubernetes Continuous Deploy | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-27210 | 1 Jenkins | 1 Kubernetes Continuous Deploy | 2024-11-21 | 6.5 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-27209 | 1 Jenkins | 1 Kubernetes Continuous Deploy | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-27208 | 1 Jenkins | 1 Kubernetes Continuous Deploy | 2024-11-21 | 6.5 Medium |
| Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller. | ||||
| CVE-2021-21661 | 1 Jenkins | 1 Kubernetes | 2024-11-21 | 4.3 Medium |
| Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2020-2309 | 2 Jenkins, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | 4.3 Medium |
| A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2020-2308 | 2 Jenkins, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names. | ||||
| CVE-2020-2307 | 2 Jenkins, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | 4.3 Medium |
| Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables. | ||||
| CVE-2020-2211 | 1 Jenkins | 1 Kubernetes Ci | 2024-11-21 | 8.8 High |
| Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2019-10470 | 1 Jenkins | 1 Kubernetes Ci | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | ||||
| CVE-2019-10469 | 1 Jenkins | 1 Kubernetes Ci | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2019-10468 | 1 Jenkins | 1 Kubernetes Ci | 2024-11-21 | 8.8 High |
| A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2019-10418 | 1 Jenkins | 1 Kubernetes Pipeline | 2024-11-21 | 9.9 Critical |
| Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | ||||
| CVE-2019-10417 | 1 Jenkins | 1 Kubernetes Pipeline | 2024-11-21 | 9.9 Critical |
| Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | ||||
| CVE-2018-1999040 | 1 Jenkins | 1 Kubernetes | 2024-11-21 | N/A |
| An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. | ||||
| CVE-2018-1000187 | 1 Jenkins | 1 Kubernetes | 2024-11-21 | N/A |
| A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs. | ||||
Page 1 of 1.