GHSA-fqg2-c97r-rqcj

Source

https://github.com/advisories/GHSA-fqg2-c97r-rqcj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fqg2-c97r-rqcj/GHSA-fqg2-c97r-rqcj.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-fqg2-c97r-rqcj

Aliases

CVE-2018-1999040

Published

2022-05-13T01:50:55Z

Modified

2024-02-16T08:19:58.369799Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Exposure of Sensitive Information in Jenkins Kubernetes Plugin

Details

An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.

Database specific

{
    "nvd_published_at": "2018-08-01T13:29:00Z",
    "github_reviewed_at": "2022-11-03T23:19:45Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "HIGH",
    "github_reviewed": true
}

References

Affected packages

Maven / org.csanchez.jenkins.plugins:kubernetes

Package

Name: org.csanchez.jenkins.plugins:kubernetes; View open source insights on deps.dev
Purl: pkg:maven/org.csanchez.jenkins.plugins/kubernetes

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.2

Affected versions

0.*

0.1

0.2

0.3

0.4

0.4.1

0.5

0.6

0.7

0.8

0.9

0.10

0.11

0.12

1.*

1.0

1.1

1.1.1

1.1.2

1.1.3

1.1.4

1.2

1.2.1

1.3

1.3.1

1.3.2

1.3.3

1.4

1.4.1

1.5

1.5.1

1.5.2

1.6.0

1.6.1

1.6.2

1.6.3

1.6.4

1.7.0

1.7.1

1.8.0

1.8.1

1.8.2

1.8.3

1.8.4

1.9.0

1.9.1

1.9.2

1.9.3

1.10.0

1.10.1

Database specific

last_known_affected_version_range

"<= 1.10.1"