Описание
Exposure of system-scoped Kubernetes credentials in Jenkins Kubernetes Credentials Provider Plugin
Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to.
Пакеты
com.cloudbees.jenkins.plugins:kubernetes-credentials-provider
< 1.209.v862c6e5fb
1.209.v862c6e5fb
Связанные уязвимости
Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to.