All the vulnerabilities related to Jenkins project - Jenkins Kubernetes Plugin
cve-2020-2307
Vulnerability from cvelistv5
Published
2020-11-04 14:35
Modified
2024-08-04 07:09
Severity ?
Summary
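Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables. The record's version data marks 1.26.5, 1.25.4.1 and 1.21.6 as unaffected, so "1.27.3 and earlier" does not include those releases.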
Impacted products


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:09:53.317Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1646"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jenkins Kubernetes Plugin",
          "vendor": "Jenkins project",
          "versions": [
            {
              "lessThanOrEqual": "1.27.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "1.26.5"
            },
            {
              "status": "unaffected",
              "version": "1.25.4.1"
            },
            {
              "status": "unaffected",
              "version": "1.21.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-24T16:08:57.797Z",
        "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "shortName": "jenkins"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1646"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "jenkinsci-cert@googlegroups.com",
          "ID": "CVE-2020-2307",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Jenkins Kubernetes Plugin",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.27.3"
                          },
                          {
                            "version_affected": "!",
                            "version_value": "1.26.5"
                          },
                          {
                            "version_affected": "!",
                            "version_value": "1.25.4.1"
                          },
                          {
                            "version_affected": "!",
                            "version_value": "1.21.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Jenkins project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1646",
              "refsource": "CONFIRM",
              "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1646"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
    "assignerShortName": "jenkins",
    "cveId": "CVE-2020-2307",
    "datePublished": "2020-11-04T14:35:40",
    "dateReserved": "2019-12-05T00:00:00",
    "dateUpdated": "2024-08-04T07:09:53.317Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2308
Vulnerability from cvelistv5
Published
2020-11-04 14:35
Modified
2024-08-04 07:09
Severity ?
Summary
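A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names. The record's version data also carries an affected entry starting at 1.27.1 and marks 1.26.5, 1.25.4.1 and 1.21.6 as unaffected, so "1.27.3 and earlier" does not include those releases.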
Impacted products


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:09:54.588Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2102"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jenkins Kubernetes Plugin",
          "vendor": "Jenkins project",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "1.27.1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "1.27.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "1.26.5"
            },
            {
              "status": "unaffected",
              "version": "1.25.4.1"
            },
            {
              "status": "unaffected",
              "version": "1.21.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-24T16:08:58.919Z",
        "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "shortName": "jenkins"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2102"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "jenkinsci-cert@googlegroups.com",
          "ID": "CVE-2020-2308",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Jenkins Kubernetes Plugin",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "1.27.1"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.27.3"
                          },
                          {
                            "version_affected": "!",
                            "version_value": "1.26.5"
                          },
                          {
                            "version_affected": "!",
                            "version_value": "1.25.4.1"
                          },
                          {
                            "version_affected": "!",
                            "version_value": "1.21.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Jenkins project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-862: Missing Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2102",
              "refsource": "CONFIRM",
              "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2102"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
    "assignerShortName": "jenkins",
    "cveId": "CVE-2020-2308",
    "datePublished": "2020-11-04T14:35:40",
    "dateReserved": "2019-12-05T00:00:00",
    "dateUpdated": "2024-08-04T07:09:54.588Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2309
Vulnerability from cvelistv5
Published
2020-11-04 14:35
Modified
2024-08-04 07:09
Severity ?
Summary
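A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. The record's version data marks 1.26.5, 1.25.4.1 and 1.21.6 as unaffected, so "1.27.3 and earlier" does not include those releases.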
Impacted products


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:09:53.325Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2103"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jenkins Kubernetes Plugin",
          "vendor": "Jenkins project",
          "versions": [
            {
              "lessThanOrEqual": "1.27.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "1.26.5"
            },
            {
              "status": "unaffected",
              "version": "1.25.4.1"
            },
            {
              "status": "unaffected",
              "version": "1.21.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-24T16:09:00.109Z",
        "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "shortName": "jenkins"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2103"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "jenkinsci-cert@googlegroups.com",
          "ID": "CVE-2020-2309",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Jenkins Kubernetes Plugin",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.27.3"
                          },
                          {
                            "version_affected": "!",
                            "version_value": "1.26.5"
                          },
                          {
                            "version_affected": "!",
                            "version_value": "1.25.4.1"
                          },
                          {
                            "version_affected": "!",
                            "version_value": "1.21.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Jenkins project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-862: Missing Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2103",
              "refsource": "CONFIRM",
              "url": "https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2103"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
    "assignerShortName": "jenkins",
    "cveId": "CVE-2020-2309",
    "datePublished": "2020-11-04T14:35:40",
    "dateReserved": "2019-12-05T00:00:00",
    "dateUpdated": "2024-08-04T07:09:53.325Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-30513
Vulnerability from cvelistv5
Published
2023-04-12 17:05
Modified
2024-08-02 14:28
Severity ?
Summary
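Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. The record's version data marks 3910.ve59cec5e33ea_ and later as unaffected, along with 3670.3672.v0ec52a_286336 (3670.x line) and 3900.3902.v10b_836a_c8c15 (3900.x line).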
Impacted products


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:28:51.235Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Jenkins Security Advisory 2023-04-12",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3075"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/04/13/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Jenkins Kubernetes Plugin",
          "vendor": "Jenkins Project",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "3910.ve59cec5e33ea_",
              "versionType": "maven"
            },
            {
              "lessThan": "3670.*",
              "status": "unaffected",
              "version": "3670.3672.v0ec52a_286336",
              "versionType": "maven"
            },
            {
              "lessThan": "3900.*",
              "status": "unaffected",
              "version": "3900.3902.v10b_836a_c8c15",
              "versionType": "maven"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-24T12:49:33.213Z",
        "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "shortName": "jenkins"
      },
      "references": [
        {
          "name": "Jenkins Security Advisory 2023-04-12",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-3075"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/04/13/3"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
    "assignerShortName": "jenkins",
    "cveId": "CVE-2023-30513",
    "datePublished": "2023-04-12T17:05:05.743Z",
    "dateReserved": "2023-04-12T08:40:40.603Z",
    "dateUpdated": "2024-08-02T14:28:51.235Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}