GHSA-2jpx-h8j2-g8m4

Source
https://github.com/advisories/GHSA-2jpx-h8j2-g8m4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-2jpx-h8j2-g8m4/GHSA-2jpx-h8j2-g8m4.json
Aliases
Published
2023-01-26T21:30:18Z
Modified
2024-02-16T08:15:43.274170Z
Details

Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to.

References

Affected packages

Maven / com.cloudbees.jenkins.plugins:kubernetes-credentials-provider

Package

Name
com.cloudbees.jenkins.plugins:kubernetes-credentials-provider

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
1.209.v862c6e5fb

Affected versions

0.*

0.8
0.9
0.10
0.11
0.12
0.12.1
0.13
0.14
0.15
0.16
0.17
0.18-1
0.20
0.21
0.22

1.*

1.196.va_55f5e31e3c2
1.199.v4a_1d1f5d074f
1.201.v11b_14c7a_0772
1.206.v7ce2cf7b_0c8b
1.208.v128ee9800c04