CWE-284

CVE-2023-24425

First published: Tue Jan 24 2023

Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to.

Credit: jenkinsci-cert@googlegroups.com

| Affected Software | Affected Version | How to fix |
|---|---|---|
| | <=1.208.v128ee9800c04 | |
| Jenkins Kubernetes Credentials Provider | <=1.208.v128ee9800c04 | |
| maven/com.cloudbees.jenkins.plugins:kubernetes-credentials-provider | <1.209.v862c6e5fb | 1.209.v862c6e5fb |


Frequently Asked Questions

  • What is the severity of CVE-2023-24425?

    CVE-2023-24425 has a moderate severity level as it allows unauthorized access to Kubernetes credentials.

  • How do I fix CVE-2023-24425?

    You can fix CVE-2023-24425 by updating the Jenkins Kubernetes Credentials Provider Plugin to version 1.209.v862c6e5fb or later.

  • Who is affected by CVE-2023-24425?

    CVE-2023-24425 affects users of Jenkins Kubernetes Credentials Provider Plugin versions 1.208.v128ee9800c04 and earlier.

  • What permissions are required for an attack exploiting CVE-2023-24425?

    An attacker needs Item/Configure permission to exploit CVE-2023-24425 and access sensitive Kubernetes credentials.

  • What types of credentials are at risk due to CVE-2023-24425?

    CVE-2023-24425 allows unauthorized access to Kubernetes credentials configured within Jenkins.
