cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-30513,https://securityvulnerability.io/vulnerability/CVE-2023-30513,Credential Exposure in Jenkins Kubernetes Plugin by Jenkins,"A security flaw in the Jenkins Kubernetes Plugin allows sensitive credentials to be revealed in build logs when durable task logging is activated. Specifically, versions up to 3909.v1f2c633e8590 fail to adequately mask sensitive data, leading to potential information leaks. This vulnerability could expose critical credentials used in Jenkins builds, prompting the need for immediate security measures.",Jenkins,Jenkins Kubernetes Plugin,7.5,HIGH,0.00171999994199723,false,,false,false,false,,,false,false,,2023-04-12T18:15:00.000Z,0
CVE-2023-24425,https://securityvulnerability.io/vulnerability/CVE-2023-24425,Kubernetes Credentials Exposure in Jenkins Plugin,"The Jenkins Kubernetes Credentials Provider Plugin versions prior to 1.208.v128ee9800c04 are susceptible to a vulnerability that fails to properly set the context for Kubernetes credentials lookup. This oversight permits attackers with 'Item/Configure' permissions to access and capture Kubernetes credentials they shouldn't have access to, posing a significant security risk for users managing containerized applications.",Jenkins,Jenkins Kubernetes Credentials Provider Plugin,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-01-26T21:18:00.000Z,0
CVE-2018-1999040,https://securityvulnerability.io/vulnerability/CVE-2018-1999040,Sensitive Information Exposure in Jenkins Kubernetes Plugin by Jenkins,"A vulnerability exists in the Jenkins Kubernetes Plugin that allows unauthorized access to sensitive information. Specifically, the issue arises in the KubernetesCloud.java file where credentials identified by a known credentials ID can be captured by attackers. This flaw was present in versions 1.10.1 and earlier of the Jenkins Kubernetes Plugin, potentially compromising the security of affected Jenkins installations.",Jenkins,Kubernetes,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-10-03T16:22:22.000Z,0
CVE-2022-27211,https://securityvulnerability.io/vulnerability/CVE-2022-27211,Insufficient Permission Check in Jenkins Kubernetes Continuous Deploy Plugin,"A lack of proper permission verification in versions of Jenkins Kubernetes Continuous Deploy Plugin prior to 2.3.1 enables users with Overall/Read permissions to connect to arbitrary SSH servers using credentials that can be manipulated by the attacker. This vulnerability allows unauthorized access by capturing sensitive credentials stored in Jenkins, exposing systems to potential exploitation.",Jenkins,Jenkins Kubernetes Continuous Deploy Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-03-15T16:46:01.000Z,0
CVE-2022-27210,https://securityvulnerability.io/vulnerability/CVE-2022-27210,CSRF Vulnerability in Kubernetes Continuous Deploy Plugin by Jenkins,"A cross-site request forgery (CSRF) vulnerability exists in the Kubernetes Continuous Deploy Plugin for Jenkins, which could allow attackers to leverage attacker-specified credentials IDs to connect to malicious SSH servers. This vulnerability effectively enables unauthorized access to sensitive credentials stored in Jenkins, raising significant security concerns for users of the affected plugin versions. It is crucial for Jenkins users to update to the latest plugin version to mitigate potential security risks.",Jenkins,Jenkins Kubernetes Continuous Deploy Plugin,6.5,MEDIUM,0.000750000006519258,false,,false,false,false,,,false,false,,2022-03-15T16:45:59.000Z,0
CVE-2022-27209,https://securityvulnerability.io/vulnerability/CVE-2022-27209,Missing Permission Check in Jenkins Kubernetes Continuous Deploy Plugin Exposes Sensitive Data,"A vulnerability exists in the Kubernetes Continuous Deploy Plugin for Jenkins whereby a missing permission check allows users with Overall/Read permissions to enumerate sensitive credential IDs stored in Jenkins. This poses a significant risk as attackers may exploit this weakness to gain insights into user credentials, potentially leading to unauthorized access and further exploitation. It is crucial for Jenkins administrators to update to the latest version of the plugin to mitigate this risk and bolster the security of their CI/CD pipeline.",Jenkins,Jenkins Kubernetes Continuous Deploy Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-03-15T16:45:58.000Z,0
CVE-2022-27208,https://securityvulnerability.io/vulnerability/CVE-2022-27208,File Read Vulnerability in Kubernetes Continuous Deploy Plugin by Jenkins,"The Kubernetes Continuous Deploy Plugin for Jenkins permits users with the 'Credentials/Create' permission to gain unauthorized access to arbitrary files on the Jenkins controller. This flaw could expose sensitive information and compromise the integrity of the Jenkins environment, emphasizing the importance of securing user permissions and regular audits of plugin configurations.",Jenkins,Jenkins Kubernetes Continuous Deploy Plugin,6.5,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2022-03-15T16:45:56.000Z,0
CVE-2021-21661,https://securityvulnerability.io/vulnerability/CVE-2021-21661,,"Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.",Jenkins,Jenkins Kubernetes Cli Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-06-10T14:25:19.000Z,0
CVE-2020-2307,https://securityvulnerability.io/vulnerability/CVE-2020-2307,,Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables.,Jenkins,Jenkins Kubernetes Plugin,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-11-04T14:35:40.000Z,0
CVE-2020-2308,https://securityvulnerability.io/vulnerability/CVE-2020-2308,,A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names.,Jenkins,Jenkins Kubernetes Plugin,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-11-04T14:35:40.000Z,0
CVE-2020-2309,https://securityvulnerability.io/vulnerability/CVE-2020-2309,,A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.,Jenkins,Jenkins Kubernetes Plugin,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-11-04T14:35:40.000Z,0
CVE-2020-2211,https://securityvulnerability.io/vulnerability/CVE-2020-2211,,"Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.",Jenkins,Jenkins Elasticbox Jenkins Kubernetes Ci/cd Plugin,8.8,HIGH,0.0025100000202655792,false,,false,false,false,,,false,false,,2020-07-02T14:55:37.000Z,0
CVE-2020-2121,https://securityvulnerability.io/vulnerability/CVE-2020-2121,,"Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.",Jenkins,Jenkins Google Kubernetes Engine Plugin,8.8,HIGH,0.0018700000364333391,false,,false,false,false,,,false,false,,2020-02-12T14:35:45.000Z,0
CVE-2019-16576,https://securityvulnerability.io/vulnerability/CVE-2019-16576,,"A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials stored in Jenkins.",Jenkins,Jenkins Alauda Kubernetes Suport Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2019-12-17T14:40:57.000Z,0
CVE-2019-16575,https://securityvulnerability.io/vulnerability/CVE-2019-16575,,"A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials stored in Jenkins.",Jenkins,Jenkins Alauda Kubernetes Suport Plugin,8.8,HIGH,0.0008800000068731606,false,,false,false,false,,,false,false,,2019-12-17T14:40:56.000Z,0
CVE-2019-10470,https://securityvulnerability.io/vulnerability/CVE-2019-10470,,A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.,Jenkins,Jenkins Elasticbox Jenkins Kubernetes Ci/cd Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2019-10-23T12:45:43.000Z,0
CVE-2019-10469,https://securityvulnerability.io/vulnerability/CVE-2019-10469,,"A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",Jenkins,Jenkins Elasticbox Jenkins Kubernetes Ci/cd Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2019-10-23T12:45:42.000Z,0
CVE-2019-10468,https://securityvulnerability.io/vulnerability/CVE-2019-10468,,"A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.",Jenkins,Jenkins Elasticbox Jenkins Kubernetes Ci/cd Plugin,8.8,HIGH,0.0008800000068731606,false,,false,false,false,,,false,false,,2019-10-23T12:45:42.000Z,0
CVE-2019-10445,https://securityvulnerability.io/vulnerability/CVE-2019-10445,,A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID.,Jenkins,Jenkins Google Kubernetes Engine Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2019-10-16T13:00:48.000Z,0
CVE-2019-10417,https://securityvulnerability.io/vulnerability/CVE-2019-10417,,"Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.",Jenkins,Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin,9.9,CRITICAL,0.0009299999801442027,false,,false,false,false,,,false,false,,2019-09-25T15:05:33.000Z,0
CVE-2019-10418,https://securityvulnerability.io/vulnerability/CVE-2019-10418,,"Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.",Jenkins,Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin,9.9,CRITICAL,0.0009299999801442027,false,,false,false,false,,,false,false,,2019-09-25T15:05:33.000Z,0
CVE-2019-10365,https://securityvulnerability.io/vulnerability/CVE-2019-10365,,"Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission.",Jenkins,Jenkins Google Kubernetes Engine Plugin,4.3,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2019-07-31T12:45:21.000Z,0
CVE-2018-1000187,https://securityvulnerability.io/vulnerability/CVE-2018-1000187,,An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs.,Jenkins,Kubernetes,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2018-06-05T20:29:00.000Z,0