CVE-2020-2308

State: PUBLISHED · Published: 2020-11-04 · Updated: 2024-08-04 · Assigner: jenkins

Description

A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names.

CWE

(none)

Affected

Jenkins project / Jenkins Kubernetes Plugin — v=1.27.1 <unspecified [affected]; v=unspecified ≤1.27.3 [affected]; v=1.26.5 [unaffected]; v=1.25.4.1 [unaffected]; v=1.21.6 [unaffected]

CVSS

(none)

References

https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2102 x_refsource_CONFIRM

Source

cvelistV5-main/cves/2020/2xxx/CVE-2020-2308.json