CVE-2023-24425

https://notcve.org/view.php?id=CVE-2023-24425

24 Jan 2023 — Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to. El complemento Kubernetes Credentials Provider de Jenkins en su versión 1.208.v128ee9800c04 y anteriores no establece el contexto apropiado para la búsqueda de credenciales de Kubernetes, lo que permite a los atacantes con permi... • https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3022 • CWE-284: Improper Access Control •