CVE-2020-2308
Description
Jenkins Kubernetes Plugin 1.27.3 and earlier lacks a permission check, allowing attackers with Overall/Read to list global pod template names.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Jenkins Kubernetes Plugin 1.27.3 and earlier lacks a permission check, allowing attackers with Overall/Read to list global pod template names.
Vulnerability
The Jenkins Kubernetes Plugin up to version 1.27.3 contains a missing permission check in the doFillCloudItems and doFillInheritFromItems methods, which are used to populate dropdown lists for pod templates. This flaw allows users with only Overall/Read permission to enumerate global pod template names, which should require higher privileges such as Administer [1][3].
Exploitation
An attacker with Overall/Read access can trigger these methods via the Jenkins UI or API, bypassing the intended authorization check. The commit that fixes the issue adds a permission check for Jenkins.ADMINISTER before returning the list of cloud items [3].
Impact
By listing global pod template names, an attacker gains knowledge of the Kubernetes infrastructure configuration, which could aid in further attacks. However, the vulnerability does not allow modification or execution of templates [1][2].
Mitigation
The issue is fixed in Kubernetes Plugin version 1.27.4. Users should upgrade to the latest version. No workarounds are mentioned [1].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.csanchez.jenkins.plugins:kubernetesMaven | >= 1.27.1, < 1.27.4 | 1.27.4 |
org.csanchez.jenkins.plugins:kubernetesMaven | >= 1.26.0, < 1.26.5 | 1.26.5 |
org.csanchez.jenkins.plugins:kubernetesMaven | >= 1.22.0, < 1.25.4.1 | 1.25.4.1 |
org.csanchez.jenkins.plugins:kubernetesMaven | < 1.21.6 | 1.21.6 |
Affected products
2- Range: 1.27.1
Patches
17aac20940e63[SECURITY-2102]
1 file changed · +6 −0
src/main/java/org/csanchez/jenkins/plugins/kubernetes/pipeline/PodTemplateStep.java+6 −0 modified@@ -403,6 +403,9 @@ public DescriptorImpl() { public ListBoxModel doFillCloudItems() { ListBoxModel result = new ListBoxModel(); result.add("—any—", ""); + if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) { // TODO track use of SYSTEM_READ and/or MANAGE in GlobalCloudConfiguration + return result; + } Jenkins.get().clouds .getAll(KubernetesCloud.class) .forEach(cloud -> result.add(cloud.name)); @@ -415,6 +418,9 @@ public ListBoxModel doFillInheritFromItems(@QueryParameter("cloud") String cloud ListBoxModel result = new ListBoxModel(); result.add("—Default inheritance—", "<default>"); result.add("—Disable inheritance—", " "); + if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) { // TODO track use of SYSTEM_READ and/or MANAGE in GlobalCloudConfiguration + return result; + } Cloud cloud; if (cloudName == null) { cloud = Jenkins.get().clouds.get(KubernetesCloud.class);
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- github.com/advisories/GHSA-rr6j-37cv-c7x7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-2308ghsaADVISORY
- github.com/jenkinsci/kubernetes-plugin/commit/7aac20940e637cdd2e38d3afd3748704e4015782ghsaWEB
- www.jenkins.io/security/advisory/2020-11-04/ghsax_refsource_CONFIRMWEB
News mentions
1- Jenkins Security Advisory 2020-11-04Jenkins Security Advisories · Nov 4, 2020