Описание
An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | jenkins-plugin-kubernetes | Will not fix | ||
| Red Hat OpenShift Container Platform 3.11 | jenkins-plugin-kubernetes | Not affected | ||
| Red Hat OpenShift Container Platform 3.2 | jenkins-plugin-kubernetes | Will not fix | ||
| Red Hat OpenShift Container Platform 3.3 | jenkins-plugin-kubernetes | Will not fix | ||
| Red Hat OpenShift Container Platform 3.4 | jenkins-plugin-kubernetes | Will not fix | ||
| Red Hat OpenShift Container Platform 3.5 | jenkins-plugin-kubernetes | Will not fix | ||
| Red Hat OpenShift Container Platform 3.6 | jenkins-plugin-kubernetes | Will not fix | ||
| Red Hat OpenShift Container Platform 3.7 | jenkins-plugin-kubernetes | Will not fix | ||
| Red Hat OpenShift Container Platform 3.9 | jenkins-plugin-kubernetes | Will not fix | ||
| Red Hat OpenShift Enterprise 3.1 | jenkins-plugin-kubernetes | Will not fix |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1611846jenkins-plugin-kubernetes: credentials Information Exposure
4.8 Medium
CVSS3
Связанные уязвимости
CVSS3: 8.8
nvd
почти 7 лет назад
An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
CVSS3: 8.8
github
около 3 лет назад
Exposure of Sensitive Information in Jenkins Kubernetes Plugin
4.8 Medium
CVSS3