CVE-2020-2309

State: PUBLISHED · Published: 2020-11-04 · Updated: 2024-08-04 · Assigner: jenkins

Description

A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CWE

(none)

Affected

Jenkins project / Jenkins Kubernetes Plugin — v=unspecified ≤1.27.3 [affected]; v=1.26.5 [unaffected]; v=1.25.4.1 [unaffected]; v=1.21.6 [unaffected]

CVSS

(none)

References

https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2103 x_refsource_CONFIRM

Source

cvelistV5-main/cves/2020/2xxx/CVE-2020-2309.json