Search
Find a vulnerability
Search criteria
8 vulnerabilities found for Jenkins Kubernetes Plugin by Jenkins Project
CVE-2023-30513 (GCVE-0-2023-30513)
Vulnerability from nvd – Published: 2023-04-12 17:05 – Updated: 2025-02-07 19:24
VLAI
Summary
Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins Project | Jenkins Kubernetes Plugin |
Unaffected:
3910.ve59cec5e33ea_ , < *
(maven)
Unaffected: 3670.3672.v0ec52a_286336 , < 3670.* (maven) Unaffected: 3900.3902.v10b_836a_c8c15 , < 3900.* (maven) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-04-12",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3075"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/13/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-30513",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T19:24:23.362273Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T19:24:28.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Jenkins Kubernetes Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3910.ve59cec5e33ea_",
"versionType": "maven"
},
{
"lessThan": "3670.*",
"status": "unaffected",
"version": "3670.3672.v0ec52a_286336",
"versionType": "maven"
},
{
"lessThan": "3900.*",
"status": "unaffected",
"version": "3900.3902.v10b_836a_c8c15",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T12:49:33.213Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-04-12",
"tags": [
"vendor-advisory"
],
"url": "https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3075"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/04/13/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2023-30513",
"datePublished": "2023-04-12T17:05:05.743Z",
"dateReserved": "2023-04-12T08:40:40.603Z",
"dateUpdated": "2025-02-07T19:24:28.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-2309 (GCVE-0-2020-2309)
Vulnerability from nvd – Published: 2020-11-04 14:35 – Updated: 2024-08-04 07:09
VLAI
Summary
A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.jenkins.io/security/advisory/2020-11-… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Kubernetes Plugin |
Affected:
unspecified , ≤ 1.27.3
(custom)
Unaffected: 1.26.5 Unaffected: 1.25.4.1 Unaffected: 1.21.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:09:53.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2103"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Kubernetes Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.27.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.26.5"
},
{
"status": "unaffected",
"version": "1.25.4.1"
},
{
"status": "unaffected",
"version": "1.21.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:09:00.109Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2103"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2020-2309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Kubernetes Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.27.3"
},
{
"version_affected": "!",
"version_value": "1.26.5"
},
{
"version_affected": "!",
"version_value": "1.25.4.1"
},
{
"version_affected": "!",
"version_value": "1.21.6"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2103",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2103"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2020-2309",
"datePublished": "2020-11-04T14:35:40.000Z",
"dateReserved": "2019-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:09:53.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-2308 (GCVE-0-2020-2308)
Vulnerability from nvd – Published: 2020-11-04 14:35 – Updated: 2024-08-04 07:09
VLAI
Summary
A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names.
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.jenkins.io/security/advisory/2020-11-… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Kubernetes Plugin |
Affected:
1.27.1 , < unspecified
(custom)
Affected: unspecified , ≤ 1.27.3 (custom) Unaffected: 1.26.5 Unaffected: 1.25.4.1 Unaffected: 1.21.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:09:54.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2102"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Kubernetes Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.27.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.27.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.26.5"
},
{
"status": "unaffected",
"version": "1.25.4.1"
},
{
"status": "unaffected",
"version": "1.21.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:08:58.919Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2102"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2020-2308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Kubernetes Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.27.1"
},
{
"version_affected": "\u003c=",
"version_value": "1.27.3"
},
{
"version_affected": "!",
"version_value": "1.26.5"
},
{
"version_affected": "!",
"version_value": "1.25.4.1"
},
{
"version_affected": "!",
"version_value": "1.21.6"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2102",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2102"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2020-2308",
"datePublished": "2020-11-04T14:35:40.000Z",
"dateReserved": "2019-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:09:54.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-2307 (GCVE-0-2020-2307)
Vulnerability from nvd – Published: 2020-11-04 14:35 – Updated: 2024-08-04 07:09
VLAI
Summary
Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables.
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.jenkins.io/security/advisory/2020-11-… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Kubernetes Plugin |
Affected:
unspecified , ≤ 1.27.3
(custom)
Unaffected: 1.26.5 Unaffected: 1.25.4.1 Unaffected: 1.21.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:09:53.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1646"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Kubernetes Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.27.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.26.5"
},
{
"status": "unaffected",
"version": "1.25.4.1"
},
{
"status": "unaffected",
"version": "1.21.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:08:57.797Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1646"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2020-2307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Kubernetes Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.27.3"
},
{
"version_affected": "!",
"version_value": "1.26.5"
},
{
"version_affected": "!",
"version_value": "1.25.4.1"
},
{
"version_affected": "!",
"version_value": "1.21.6"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1646",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1646"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2020-2307",
"datePublished": "2020-11-04T14:35:40.000Z",
"dateReserved": "2019-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:09:53.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30513 (GCVE-0-2023-30513)
Vulnerability from cvelistv5 – Published: 2023-04-12 17:05 – Updated: 2025-02-07 19:24
VLAI
Summary
Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins Project | Jenkins Kubernetes Plugin |
Unaffected:
3910.ve59cec5e33ea_ , < *
(maven)
Unaffected: 3670.3672.v0ec52a_286336 , < 3670.* (maven) Unaffected: 3900.3902.v10b_836a_c8c15 , < 3900.* (maven) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:28:51.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-04-12",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3075"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/13/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-30513",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T19:24:23.362273Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T19:24:28.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Jenkins Kubernetes Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "3910.ve59cec5e33ea_",
"versionType": "maven"
},
{
"lessThan": "3670.*",
"status": "unaffected",
"version": "3670.3672.v0ec52a_286336",
"versionType": "maven"
},
{
"lessThan": "3900.*",
"status": "unaffected",
"version": "3900.3902.v10b_836a_c8c15",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T12:49:33.213Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-04-12",
"tags": [
"vendor-advisory"
],
"url": "https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3075"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/04/13/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2023-30513",
"datePublished": "2023-04-12T17:05:05.743Z",
"dateReserved": "2023-04-12T08:40:40.603Z",
"dateUpdated": "2025-02-07T19:24:28.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-2308 (GCVE-0-2020-2308)
Vulnerability from cvelistv5 – Published: 2020-11-04 14:35 – Updated: 2024-08-04 07:09
VLAI
Summary
A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names.
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.jenkins.io/security/advisory/2020-11-… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Kubernetes Plugin |
Affected:
1.27.1 , < unspecified
(custom)
Affected: unspecified , ≤ 1.27.3 (custom) Unaffected: 1.26.5 Unaffected: 1.25.4.1 Unaffected: 1.21.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:09:54.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2102"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Kubernetes Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.27.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.27.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.26.5"
},
{
"status": "unaffected",
"version": "1.25.4.1"
},
{
"status": "unaffected",
"version": "1.21.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:08:58.919Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2102"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2020-2308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Kubernetes Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.27.1"
},
{
"version_affected": "\u003c=",
"version_value": "1.27.3"
},
{
"version_affected": "!",
"version_value": "1.26.5"
},
{
"version_affected": "!",
"version_value": "1.25.4.1"
},
{
"version_affected": "!",
"version_value": "1.21.6"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2102",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2102"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2020-2308",
"datePublished": "2020-11-04T14:35:40.000Z",
"dateReserved": "2019-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:09:54.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-2307 (GCVE-0-2020-2307)
Vulnerability from cvelistv5 – Published: 2020-11-04 14:35 – Updated: 2024-08-04 07:09
VLAI
Summary
Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables.
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.jenkins.io/security/advisory/2020-11-… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Kubernetes Plugin |
Affected:
unspecified , ≤ 1.27.3
(custom)
Unaffected: 1.26.5 Unaffected: 1.25.4.1 Unaffected: 1.21.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:09:53.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1646"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Kubernetes Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.27.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.26.5"
},
{
"status": "unaffected",
"version": "1.25.4.1"
},
{
"status": "unaffected",
"version": "1.21.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:08:57.797Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1646"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2020-2307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Kubernetes Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.27.3"
},
{
"version_affected": "!",
"version_value": "1.26.5"
},
{
"version_affected": "!",
"version_value": "1.25.4.1"
},
{
"version_affected": "!",
"version_value": "1.21.6"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1646",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1646"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2020-2307",
"datePublished": "2020-11-04T14:35:40.000Z",
"dateReserved": "2019-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:09:53.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-2309 (GCVE-0-2020-2309)
Vulnerability from cvelistv5 – Published: 2020-11-04 14:35 – Updated: 2024-08-04 07:09
VLAI
Summary
A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.jenkins.io/security/advisory/2020-11-… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Kubernetes Plugin |
Affected:
unspecified , ≤ 1.27.3
(custom)
Unaffected: 1.26.5 Unaffected: 1.25.4.1 Unaffected: 1.21.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:09:53.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2103"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Kubernetes Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.27.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.26.5"
},
{
"status": "unaffected",
"version": "1.25.4.1"
},
{
"status": "unaffected",
"version": "1.21.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:09:00.109Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2103"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2020-2309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Kubernetes Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.27.3"
},
{
"version_affected": "!",
"version_value": "1.26.5"
},
{
"version_affected": "!",
"version_value": "1.25.4.1"
},
{
"version_affected": "!",
"version_value": "1.21.6"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2103",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2103"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2020-2309",
"datePublished": "2020-11-04T14:35:40.000Z",
"dateReserved": "2019-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:09:53.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}