Maven package
org.csanchez.jenkins.plugins/kubernetes
pkg:maven/org.csanchez.jenkins.plugins/kubernetes
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-30513 | — | | | < 3910.ve59cec5e33ea | 3910.ve59cec5e33ea | Apr 12, 2023 | Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. |
| CVE-2020-2309 | — | | | >= 1.27.0, < 1.27.4 | 1.27.4 | Nov 4, 2020 | A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2020-2308 | — | | | >= 1.27.1, < 1.27.4 | 1.27.4 | Nov 4, 2020 | A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names. |
| CVE-2020-2307 | — | | | >= 1.27.0, < 1.27.4 | 1.27.4 | Nov 4, 2020 | Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables. |
| CVE-2018-1999040 | — | | | < 1.10.2 | 1.10.2 | Aug 1, 2018 | An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. |
| CVE-2018-1000187 | — | | | < 1.7.1 | 1.7.1 | Jun 5, 2018 | An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs. |