Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1mcWcyLWM5N3ItcnFjas4AASyM
Exposure of Sensitive Information in Jenkins Kubernetes Plugin
An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
Permalink: https://github.com/advisories/GHSA-fqg2-c97r-rqcjJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mcWcyLWM5N3ItcnFjas4AASyM
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 5 months ago
CVSS Score: 8.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-fqg2-c97r-rqcj, CVE-2018-1999040
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-1999040
- https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1016
- https://github.com/jenkinsci/kubernetes-plugin/commit/bf7a47847dfb5ef2d1e2a537e2eb9f28063988c6
- https://github.com/advisories/GHSA-fqg2-c97r-rqcj
Blast Radius: 1.0
Affected Packages
maven:org.csanchez.jenkins.plugins:kubernetes
Affected Version Ranges: <= 1.10.1Fixed in: 1.10.2