
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Nov 2020 — A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform sol... • https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2103 • CWE-862: Missing Authorization

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Jul 2020 — Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. • http://www.openwall.com/lists/oss-security/2020/07/02/7 • CWE-502: Deserialization of Untrusted Data

CVSS: 8.8 • EPSS: 2% • CPEs: 1 • EXPL: 0

12 Feb 2020 — Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. • http://www.openwall.com/lists/oss-security/2020/02/12/3

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Dec 2019 — A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2019/12/17/1 • CWE-862: Missing Authorization

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Dec 2019 — A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2019/12/17/1 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Oct 2019 — A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2019/10/23/2 • CWE-276: Incorrect Default Permissions

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Oct 2019 — A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2019/10/23/2 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Oct 2019 — A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2019/10/23/2 • CWE-276: Incorrect Default Permissions

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Oct 2019 — A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID. • http://www.openwall.com/lists/oss-security/2019/10/16/6 • CWE-862: Missing Authorization

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Sep 2019 — Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. • http://www.openwall.com/lists/oss-security/2019/09/25/3