Description
Jenkins Google Kubernetes Engine Plugin vulnerable to Exposure of Resource to Wrong Sphere
Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file named .kube…config
containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission.
This temporary file is now created outside the regular project workspace.
Packages
Name: org.jenkins-ci.plugins:google-kubernetes-engine (maven)
Affected versions: < 0.6.3
Fixed version: 0.6.3
Related vulnerabilities
CVSS3: 4.3
nvd
about 6 years ago
Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission.