Vulnerabilities > Jenkins > Kubernetes

DATE CVE VULNERABILITY TITLE RISK
2023-04-12 CVE-2023-30513 Cleartext Transmission of Sensitive Information vulnerability in Jenkins Kubernetes
Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
network
low complexity
jenkins CWE-319
7.5
2021-06-10 CVE-2021-21661 Unspecified vulnerability in Jenkins Kubernetes
Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins
4.3
2020-11-04 CVE-2020-2309 Unspecified vulnerability in Jenkins Kubernetes
A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
network
low complexity
jenkins
4.3
2020-11-04 CVE-2020-2308 Unspecified vulnerability in Jenkins Kubernetes
A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names.
network
low complexity
jenkins
4.3
2020-11-04 CVE-2020-2307 Unspecified vulnerability in Jenkins Kubernetes
Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables.
network
low complexity
jenkins
4.3
2018-08-01 CVE-2018-1999040 Information Exposure vulnerability in Jenkins Kubernetes
An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
network
low complexity
jenkins CWE-200
8.8
2018-06-05 CVE-2018-1000187 Information Exposure vulnerability in Jenkins Kubernetes
A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs.
network
low complexity
jenkins CWE-200
6.5