CVE-2022-27210

A cross-site request forgery CSRF vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2022-27211

A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkin...

PT-2022-18299 · Jenkins · Jenkins Kubernetes Continuous Deploy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes Continuous Deploy Plugin versions 2.3.1 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified...

Jenkins Kubernetes Continuous Deploy Plugin 路径遍历漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.The Jenkins Kubernetes Continuous Deploy...

PT-2022-18295 · Jenkins · Jenkins Kubernetes Continuous Deploy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes Continuous Deploy Plugin versions 2.3.1 and earlier Description: The issue allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller. This is a significant security concern as it...