NotCVE - vendor:"Jenkins" product:"Kubernetes"

Page 2 of 23 results (0.006 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-27209

https://notcve.org/view.php?id=CVE-2022-27209

A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Una falta de comprobación de permisos en el Plugin Kubernetes Continuous Deploy de Jenkins versiones 2.3.1 y anteriores, permite a atacantes con permiso Overall/Read enumerar los IDs de las credenciales almacenadas en Jenkins • http://www.openwall.com/lists/oss-security/2022/03/15/2 https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2636 • CWE-862: Missing Authorization •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-27208

https://notcve.org/view.php?id=CVE-2022-27208

Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller. El plugin Kubernetes Continuous Deploy de Jenkins versiones 2.3.1 y anteriores, permite a usuarios con permiso Credentials/Create leer archivos arbitrarios en el controlador Jenkins • http://www.openwall.com/lists/oss-security/2022/03/15/2 https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2096 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-21661

https://notcve.org/view.php?id=CVE-2021-21661

Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Jenkins Kubernetes CLI Plugin versión 1.10.0 y anteriores no lleva a cabo comprobaciones de permisos en varios endpoints HTTP, permitiendo a atacantes con permiso Overall/Read enumerar los ID de las credenciales almacenadas en Jenkins • http://www.openwall.com/lists/oss-security/2021/06/10/14 https://www.jenkins.io/security/advisory/2021-06-10/#SECURITY-2370 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-2307 – jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin

https://notcve.org/view.php?id=CVE-2020-2307

Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables. Jenkins Kubernetes Plugin versiones 1.27.3 y anteriores, permiten a usuarios con pocos privilegios acceder a variables de entorno del controlador de Jenkins posiblemente confidenciales • https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1646 https://access.redhat.com/security/cve/CVE-2020-2307 https://bugzilla.redhat.com/show_bug.cgi?id=1895945 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-2308 – jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates

https://notcve.org/view.php?id=CVE-2020-2308

A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names. Una falta de comprobación de permisos en Jenkins Kubernetes Plugin versiones 1.27.3 y anteriores, permite a atacantes con permiso Overall/Read enumerar los nombres de las plantillas pod global • https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2102 https://access.redhat.com/security/cve/CVE-2020-2308 https://bugzilla.redhat.com/show_bug.cgi?id=1895946 • CWE-862: Missing Authorization •

1 2 3 4 5