CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30513
https://notcve.org/view.php?id=CVE-2023-30513
12 Apr 2023 — Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. • http://www.openwall.com/lists/oss-security/2023/04/13/3 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24425
https://notcve.org/view.php?id=CVE-2023-24425
24 Jan 2023 — Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to. El complemento Kubernetes Credentials Provider de Jenkins en su versión 1.208.v128ee9800c04 y anteriores no establece el contexto apropiado para la búsqueda de credenciales de Kubernetes, lo que permite a los atacantes con permi... • https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3022 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27211
https://notcve.org/view.php?id=CVE-2022-27211
15 Mar 2022 — A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. Una comprobación de permisos faltante/incorrecta en el Plugin Kubernetes Continuous Deploy de Jenkins versiones 2.3.1 y anteriores, permite a atacantes con permiso de Overall/Read conectarse a un servidor SSH esp... • http://www.openwall.com/lists/oss-security/2022/03/15/2 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27210
https://notcve.org/view.php?id=CVE-2022-27210
15 Mar 2022 — A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en el Plugin Kubernetes Continuous Deploy de Jenkins versiones 2.3.1 y anteriores, permite a atacantes conectarse a un servidor SSH especificado por el ataca... • http://www.openwall.com/lists/oss-security/2022/03/15/2 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27209
https://notcve.org/view.php?id=CVE-2022-27209
15 Mar 2022 — A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Una falta de comprobación de permisos en el Plugin Kubernetes Continuous Deploy de Jenkins versiones 2.3.1 y anteriores, permite a atacantes con permiso Overall/Read enumerar los IDs de las credenciales almacenadas en Jenkins • http://www.openwall.com/lists/oss-security/2022/03/15/2 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27208
https://notcve.org/view.php?id=CVE-2022-27208
15 Mar 2022 — Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller. El plugin Kubernetes Continuous Deploy de Jenkins versiones 2.3.1 y anteriores, permite a usuarios con permiso Credentials/Create leer archivos arbitrarios en el controlador Jenkins • http://www.openwall.com/lists/oss-security/2022/03/15/2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0CVE-2021-21661
https://notcve.org/view.php?id=CVE-2021-21661
10 Jun 2021 — Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Jenkins Kubernetes CLI Plugin versión 1.10.0 y anteriores no lleva a cabo comprobaciones de permisos en varios endpoints HTTP, permitiendo a atacantes con permiso Overall/Read enumerar los ID de las credenciales almacenadas en Jenkins • http://www.openwall.com/lists/oss-security/2021/06/10/14 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2307 – jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin
https://notcve.org/view.php?id=CVE-2020-2307
04 Nov 2020 — Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables. Jenkins Kubernetes Plugin versiones 1.27.3 y anteriores, permiten a usuarios con pocos privilegios acceder a variables de entorno del controlador de Jenkins posiblemente confidenciales Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed includ... • https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1646 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2308 – jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates
https://notcve.org/view.php?id=CVE-2020-2308
04 Nov 2020 — A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names. Una falta de comprobación de permisos en Jenkins Kubernetes Plugin versiones 1.27.3 y anteriores, permite a atacantes con permiso Overall/Read enumerar los nombres de las plantillas pod global Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Is... • https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2102 • CWE-862: Missing Authorization •