Description
Missing permission checks in Jenkins kubernetes-cd Plugin allow enumerating credentials IDs
kubernetes-cd Plugin 2.3.1 and earlier does not perform permission checks in several HTTP endpoints.
This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.
Packages
Name
org.jenkins-ci.plugins:kubernetes-cd
maven
Affected versions: <= 2.3.1
Fixed version: None
Related vulnerabilities
CVSS3: 6.5
nvd
more than 3 years ago
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.