Vulnerabilities > Jenkins > Kubernetes > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-10 | CVE-2021-21661 | Unspecified vulnerability in Jenkins Kubernetes Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
| 2020-11-04 | CVE-2020-2309 | Unspecified vulnerability in Jenkins Kubernetes A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
| 2020-11-04 | CVE-2020-2308 | Unspecified vulnerability in Jenkins Kubernetes A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names. | 4.3 |
| 2020-11-04 | CVE-2020-2307 | Unspecified vulnerability in Jenkins Kubernetes Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables. | 4.3 |
| 2018-08-01 | CVE-2018-1999040 | Information Exposure vulnerability in Jenkins Kubernetes An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. | 4.0 |
| 2018-06-05 | CVE-2018-1000187 | Information Exposure vulnerability in Jenkins Kubernetes A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs. | 4.0 |