CVE-2022-27208

Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller...

CVE-2022-27209

A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVE-2022-27210

A cross-site request forgery CSRF vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2022-27209

A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVE-2022-27210

A cross-site request forgery CSRF vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

Design/Logic Flaw

Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller...

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2022-27211

A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkin...

CVE-2022-27211

A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkin...

CVE-2022-27211

CVE-2022-27211 : Jenkins Kubernetes Continuous Deploy Plugin ≤ 2.3.1 suffers a missing permission check that lets users with Overall/Read access connect to an attacker‑specified SSH server using attacker‑specified credentials IDs, enabling capture of credentials stored in Jenkins. Red Hat and OSV...

CVE-2022-27210

CVE-2022-27210 : A CSRF vulnerability in the Jenkins Kubernetes Continuous Deploy Plugin (versions up to and including 2.3.1) allows an attacker to cause Jenkins to connect to an attacker-specified SSH server using credentials IDs obtained through another method, thereby capturing credentials sto...

CVE-2022-27210

A cross-site request forgery CSRF vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2022-27209

CVE-2022-27209 : Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier is affected by a missing permission check on HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs stored in Jenkins, exposing credential identifiers. Root cause: inadequate ac...

CVE-2022-27208

Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller...

CVE-2022-27208

CVE-2022-27208 affects the Jenkins Kubernetes Continuous Deploy Plugin (versions ≤ 2.3.1). It allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller, exposing sensitive data. The vulnerability is corroborated across NVD/OSV/Red Hat entries with CVSSv3.1 ...

PT-2022-18299 · Jenkins · Jenkins Kubernetes Continuous Deploy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes Continuous Deploy Plugin versions 2.3.1 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified...

PT-2022-18298 · Jenkins · Jenkins Kubernetes Continuous Deploy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes Continuous Deploy Plugin versions 2.3.1 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs, potentially...

Jenkins Kubernetes Continuous Deploy Plugin 路径遍历漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.The Jenkins Kubernetes Continuous Deploy...

PT-2022-18295 · Jenkins · Jenkins Kubernetes Continuous Deploy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes Continuous Deploy Plugin versions 2.3.1 and earlier Description: The issue allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller. This is a significant security concern as it...

Jenkins Kubernetes Continuous Deploy Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability can be exploited by an attacker with Overall/Read privilege...