19 matches found
CVE-2022-27210
A cross-site request forgery CSRF vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Jenkins Kubernetes Continuous Deploy Plugin Permissions Licensing and Access Control Issues Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.The Jenkins Kubernetes Continuous Deploy...
Jenkins Kubernetes Continuous Deploy Plugin Path Traversal Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.The Jenkins Kubernetes Continuous Deploy...
CVE-2022-27210
A cross-site request forgery CSRF vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-27208
Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller...
CVE-2022-27209
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-27209
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-27208
Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller...
Design/Logic Flaw
Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-27211
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkin...
CVE-2022-27211
CVE-2022-27211 : Jenkins Kubernetes Continuous Deploy Plugin ≤ 2.3.1 suffers a missing permission check that lets users with Overall/Read access connect to an attacker‑specified SSH server using attacker‑specified credentials IDs, enabling capture of credentials stored in Jenkins. Red Hat and OSV...
CVE-2022-27211
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkin...
CVE-2022-27210
A cross-site request forgery CSRF vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-27210
CVE-2022-27210 : A CSRF vulnerability in the Jenkins Kubernetes Continuous Deploy Plugin (versions up to and including 2.3.1) allows an attacker to cause Jenkins to connect to an attacker-specified SSH server using credentials IDs obtained through another method, thereby capturing credentials sto...
CVE-2022-27209
CVE-2022-27209 : Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier is affected by a missing permission check on HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs stored in Jenkins, exposing credential identifiers. Root cause: inadequate ac...
CVE-2022-27208
Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller...
CVE-2022-27208
CVE-2022-27208 affects the Jenkins Kubernetes Continuous Deploy Plugin (versions ≤ 2.3.1). It allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller, exposing sensitive data. The vulnerability is corroborated across NVD/OSV/Red Hat entries with CVSSv3.1 ...
PT-2022-18298 · Jenkins · Jenkins Kubernetes Continuous Deploy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes Continuous Deploy Plugin versions 2.3.1 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs, potentially...