A missing permission check in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed users with Overall/Read access to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: jenkins
Published: 2019-06-11T13:15:27
Updated: 2024-08-04T22:17:20.384Z
Reserved: 2019-03-29T00:00:00
Link: CVE-2019-10339

No data.

Status : Modified
Published: 2019-06-11T14:29:01.150
Modified: 2024-11-21T04:18:55.387
Link: CVE-2019-10339

No data.