5 matches found
Remote code execution
Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
CVE-2020-2121
Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
CVE-2019-10445
CVE-2019-10445 affects the Jenkins Google Kubernetes Engine Plugin (versions ≤ 0.7.0). A missing permission check enables users with Overall/Read to obtain limited information about a credential’s scope by supplying a credentials ID. The issue is specifically a disclosure vulnerability within the...
CVE-2019-10365
The CVE-2019-10365 entry concerns Jenkins Google Kubernetes Engine Plugin (versions 0.6.2 and earlier). The underlying issue is that the plugin creates a temporary file containing a temporary access token in the project workspace, exposing it to users with Job/Read permission. Documents from RH R...
PT-2019-11761 · Jenkins · Jenkins Google Kubernetes Engine Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Google Kubernetes Engine Plugin versions 0.6.2 and earlier
Description: The issue concerns the creation of a temporary file containing a temporary access token in the project workspace, which could be accessed by users with Job/Read...