CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2307 – jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin
https://notcve.org/view.php?id=CVE-2020-2307
Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables. Jenkins Kubernetes Plugin versiones 1.27.3 y anteriores, permiten a usuarios con pocos privilegios acceder a variables de entorno del controlador de Jenkins posiblemente confidenciales • https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1646 https://access.redhat.com/security/cve/CVE-2020-2307 https://bugzilla.redhat.com/show_bug.cgi?id=1895945 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2308 – jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates
https://notcve.org/view.php?id=CVE-2020-2308
A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names. Una falta de comprobación de permisos en Jenkins Kubernetes Plugin versiones 1.27.3 y anteriores, permite a atacantes con permiso Overall/Read enumerar los nombres de las plantillas pod global • https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2102 https://access.redhat.com/security/cve/CVE-2020-2308 https://bugzilla.redhat.com/show_bug.cgi?id=1895946 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2309 – jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs
https://notcve.org/view.php?id=CVE-2020-2309
A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Una falta / o una incorrecta comprobación de permisos en Jenkins Kubernetes Plugin versiones 1.27.3 y anteriores, permite a atacantes con permiso Overall/Read enumerar los ID de credenciales almacenadas en Jenkins • https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2103 https://access.redhat.com/security/cve/CVE-2020-2309 https://bugzilla.redhat.com/show_bug.cgi?id=1895947 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-8557 – Kubernetes node disk Denial of Service by writing to container /etc/hosts
https://notcve.org/view.php?id=CVE-2020-8557
The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail. El componente kubelet de Kubenetes versiones 1.1-1.16.12, 1.17.0-1.17.8 y 1.18.0-1.18.5, no cuenta para el uso del disco por parte de un pod que escribe en su propio archivo /etc/hosts. El archivo /etc/hosts montado en un pod para kubelet no esta incluido para el administrador de desalojo de kubelet al calcular el uso de almacenamiento efímero por un pod. • https://github.com/kubernetes/kubernetes/issues/93032 https://groups.google.com/g/kubernetes-security-announce/c/cB_JUsYEKyY/m/vVSO61AhBwAJ https://security.netapp.com/advisory/ntap-20200821-0002 https://access.redhat.com/security/cve/CVE-2020-8557 https://bugzilla.redhat.com/show_bug.cgi?id=1835977 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11252 – Credential leakage when failing to mount
https://notcve.org/view.php?id=CVE-2019-11252
The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes. El Kubernetes kube-controller-manager en versiones v1.0-v1.17, es vulnerable a una filtración de credenciales por medio de mensajes de error en registros de fallo de montaje y eventos para volúmenes de AzureFile y CephFS A flaw was found in Kubernetes that allows the logging of credentials when mounting AzureFile and CephFS volumes. This flaw allows an attacker to access kubelet logs, read the credentials, and use them to access other services. The highest threat from this vulnerability is to confidentiality. • https://github.com/kubernetes/kubernetes/pull/88684 https://access.redhat.com/security/cve/CVE-2019-11252 https://bugzilla.redhat.com/show_bug.cgi?id=1860158 • CWE-209: Generation of Error Message Containing Sensitive Information •