First published: Wed Nov 04 2020(Updated: )
A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kubernetes | <1.27.4 | 1.27.4 |
redhat/jenkins | <2-plugins-0:3.11.1612862361-1.el7 | 2-plugins-0:3.11.1612862361-1.el7 |
redhat/jenkins | <2-plugins-0:4.5.1610108899-1.el7 | 2-plugins-0:4.5.1610108899-1.el7 |
redhat/jenkins | <2-plugins-0:4.6.1609853716-1.el8 | 2-plugins-0:4.6.1609853716-1.el8 |
Jenkins Kubernetes | <=1.27.3 | |
maven/org.csanchez.jenkins.plugins:kubernetes | <1.21.6 | 1.21.6 |
maven/org.csanchez.jenkins.plugins:kubernetes | >=1.22.0<1.25.4.1 | 1.25.4.1 |
maven/org.csanchez.jenkins.plugins:kubernetes | >=1.26.0<1.26.5 | 1.26.5 |
maven/org.csanchez.jenkins.plugins:kubernetes | >=1.27.0<1.27.4 | 1.27.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)