16 matches found
CVE-2022-27210
A cross-site request forgery CSRF vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-27210
A cross-site request forgery CSRF vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-27209
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-27208
Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller...
CVE-2022-27209
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-27208
Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller...
Design/Logic Flaw
Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller...
CVE-2022-27211
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkin...
CVE-2022-27211
CVE-2022-27211 : Jenkins Kubernetes Continuous Deploy Plugin ≤ 2.3.1 suffers a missing permission check that lets users with Overall/Read access connect to an attacker‑specified SSH server using attacker‑specified credentials IDs, enabling capture of credentials stored in Jenkins. Red Hat and OSV...
CVE-2022-27211
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkin...
CVE-2022-27210
A cross-site request forgery CSRF vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-27210
CVE-2022-27210 : A CSRF vulnerability in the Jenkins Kubernetes Continuous Deploy Plugin (versions up to and including 2.3.1) allows an attacker to cause Jenkins to connect to an attacker-specified SSH server using credentials IDs obtained through another method, thereby capturing credentials sto...
CVE-2022-27209
CVE-2022-27209 : Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier is affected by a missing permission check on HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs stored in Jenkins, exposing credential identifiers. Root cause: inadequate ac...
CVE-2022-27208
Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller...
CVE-2022-27208
CVE-2022-27208 affects the Jenkins Kubernetes Continuous Deploy Plugin (versions ≤ 2.3.1). It allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller, exposing sensitive data. The vulnerability is corroborated across NVD/OSV/Red Hat entries with CVSSv3.1 ...
PT-2022-18298 · Jenkins · Jenkins Kubernetes Continuous Deploy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes Continuous Deploy Plugin versions 2.3.1 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs, potentially...