RHCOS 4 : OpenShift Container Platform 4.6.12 (RHSA-2021:0038)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0038 advisory. - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2304) -...
SUSE CVE-2026-35205
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance (.prov file) when signature verification is required. This vulnerability is fixed in 4.1.4...
OPENSUSE-SU-2026:20099-1 Security update for coredns
This update for coredns fixes the following issues: Changes in coredns: - fix CVE-2025-68156 (bsc#1255345) - fix CVE-2025-68161 (bsc#1256411) - Update to version 1.14.0: core: Fix gosec G115 integer overflow warnings; core: Add regex length limit; plugin/azure: Fix slice init length; plugin/errors: Add...
CVE-2022-27208
Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller...
EUVD-2023-1395
Malicious code in bioql PyPI...
EUVD-2022-3565
Malicious code in bioql PyPI...
EUVD-2022-3783
Malicious code in bioql PyPI...
EUVD-2022-3005
Malicious code in bioql PyPI...
EUVD-2022-3680
Malicious code in bioql PyPI...
EUVD-2022-3821
Malicious code in bioql PyPI...
EUVD-2022-3862
Malicious code in bioql PyPI...
EUVD-2022-5292
Malicious code in bioql PyPI...
CVE-2021-21661
Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2019-10469
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
OPENSUSE-SU-2025:0131-1 Security update for coredns
This update for coredns fixes the following issues: - Update to version 1.12.1: core: Increase CNAME lookup limit from 7 to 10 (#7153); plugin/kubernetes: Fix handling of pods having DeletionTimestamp set; plugin/kubernetes: Revert 'only create PTR records for endpoints with hostname defined'...
SUSE CVE-2023-2727
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers...
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.15 Multiple Vulnerabilities (CloudBees Security Advisory 2023-04-12)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.15. It is, therefore, affected by multiple vulnerabilities including the following: - Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask i.e....
com.openshift.jenkins:openshift-pipeline (>=1.0.22 <=1.0.57), io.fabric8.jenkins.plugins:openshift-sync (>=0.0.8 <=1.0.45) potentially affected by CVE-2023-30513 via org.csanchez.jenkins.plugins:kubernetes (>=0.10 <=1.18.2)
org.csanchez.jenkins.plugins:kubernetes MAVEN version =0.10, =1.0.22, =0.0.8, =1.0.45 Source cves: CVE-2023-30513 Source advisory: OSV:GHSA-V5HQ-CQQR-6W4G...
CVE-2023-30513
CVE-2023-30513 affects Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier, where credentials could be exposed in build logs when push mode for durable task logging is enabled. The advisory notes a fix: Kubernetes 3910.ve59cec5e33ea_ resolves the masking issue for the Kubernetes plugin. Othe...
CVE-2023-30513
Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled...