Описание
Missing permission checks in Google Kubernetes Engine Jenkins Plugin
A missing permission check in Jenkins Google Kubernetes Engine Plugin Prior to version 0.7.1 allows attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID. This issue is patched in version 0.7.1
Пакеты
Наименование
org.jenkins-ci.plugins:google-kubernetes-engine
maven
Затронутые версииВерсия исправления
< 0.7.1
0.7.1
Связанные уязвимости
CVSS3: 4.3
nvd
больше 6 лет назад
A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID.