71 matches found
CloudBees Jenkins Kubernetes Plugin Access Control Error Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An access control error...
CloudBees Jenkins Kubernetes Information Disclosure Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An information disclosure...
CVE-2020-2309
A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2020-2308
A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names...
CVE-2020-2308
A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names...
Information disclosure
A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names...
Information disclosure
A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2020-2309
A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2020-2308
A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names...
CVE-2020-2308
The CVE-2020-2308 issue is described in the Jenkins Kubernetes Plugin advisory (GHSA-RR6J-37CV-C7X7). It states that, prior to versions 1.27.4, 1.26.5, 1.25.4.1, and 1.21.6, the plugin does not perform a permission check on a Kubernetes HTTP endpoint, allowing attackers with Overall/Read permissi...
CVE-2020-2307
CVE-2020-2307 affects Jenkins Kubernetes Plugin (versions
PT-2020-15537 · Jenkins · Jenkins Kubernetes Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes Plugin versions 1.27.3 and earlier Jenkins Kubernetes Plugin versions prior to 1.27.4 Jenkins Kubernetes Plugin versions prior to 1.26.5 Jenkins Kubernetes Plugin versions prior to 1.25.4.1 Jenkins Kubernetes Plugin version...
PT-2020-15538 · Jenkins · Jenkins Kubernetes Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes Plugin versions 1.27.3 and earlier Jenkins Kubernetes Plugin versions prior to 1.27.4 Jenkins Kubernetes Plugin versions prior to 1.26.5 Jenkins Kubernetes Plugin versions prior to 1.25.4.1 Jenkins Kubernetes Plugin version...
PT-2020-15426 · Jenkins · Jenkins Elasticbox Jenkins Kubernetes Ci/Cd Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin versions 1.3 and earlier Description: The issue is related to the YAML parser configuration in the Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin, which allows the instantiation of...
CVE-2020-2121
Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
PT-2019-14730 · Jenkins · Jenkins Alauda Kubernetes Support Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Alauda Kubernetes Support Plugin versions 2.3.0 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing the...
CloudBees Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin Cross-Site Request Forgery Vulnerability (CNVD-2019-38508)
CloudBees Jenkins Hudson Labs is a set of Java-based development of continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks.ElasticBox Jenkins Kubernetes CI/CD Plugin is used in...
CloudBees Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin Access Privilege Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based development of continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks.ElasticBox Jenkins Kubernetes CI/CD Plugin is used in...
CloudBees Jenkins Kubernetes Plugin Information Disclosure Vulnerability (CNVD-2018-15088)
CloudBees Jenkins is a set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version release/testing projects and some timed tasks.Kubernetes Plugin is one of the dynamically configured using the Kubernetes cluster Jenkins agents The...
CVE-2018-1999040
An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins...