Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin
Source repositories
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-10418 | Cri | 0.64 | 9.9 | 0.01 | Sep 25, 2019 | Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | ||
| CVE-2019-10417 | Cri | 0.64 | 9.9 | 0.01 | Sep 25, 2019 | Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | ||
| CVE-2023-30513 | Hig | 0.49 | 7.5 | 0.00 | Apr 12, 2023 | Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. | ||
| CVE-2021-21661 | Med | 0.28 | 4.3 | 0.02 | Jun 10, 2021 | Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||
| CVE-2020-2309 | Med | 0.21 | 4.3 | 0.01 | Nov 4, 2020 | A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||
| CVE-2020-2308 | Med | 0.21 | 4.3 | 0.01 | Nov 4, 2020 | A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names. | ||
| CVE-2020-2307 | Med | 0.21 | 4.3 | 0.01 | Nov 4, 2020 | Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables. |
- risk 0.64cvss 9.9epss 0.01
Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.
- risk 0.64cvss 9.9epss 0.01
Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.
- risk 0.49cvss 7.5epss 0.00
Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
- risk 0.28cvss 4.3epss 0.02
Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
- risk 0.21cvss 4.3epss 0.01
A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
- risk 0.21cvss 4.3epss 0.01
A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names.
- risk 0.21cvss 4.3epss 0.01
Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables.