CVE-2018-1999040 – org.csanchez.jenkins.plugins:kubernetes

Package

Manager: maven
Name: org.csanchez.jenkins.plugins:kubernetes
Vulnerable Version: >=0 <1.10.2

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00379 pctl0.58636

Details

Exposure of Sensitive Information in Jenkins Kubernetes Plugin An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.

Metadata

Created: 2022-05-13T01:50:55Z
Modified: 2022-11-03T23:19:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fqg2-c97r-rqcj/GHSA-fqg2-c97r-rqcj.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-fqg2-c97r-rqcj
Finding: F038
Auto approve: 1