org.csanchez.jenkins.plugins:kubernetes
Maven
6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.csanchez.jenkins.plugins:kubernetes
- CVE-2018-1000187 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 1.7.1 | 2018-06-05
vulnerable: 0.1 ... 1.7.0 (36 versions)
An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs.
- CVE-2018-1999040 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 1.10.2 | 2018-08-01
vulnerable: 0.1 ... 1.9.3 (48 versions)
An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
- CVE-2020-2307 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 1.21.6 | 2020-11-04
vulnerable: 0.1 ... 1.9.3 (119 versions)
Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables.
- CVE-2020-2308 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 1.21.6 | 2020-11-04
vulnerable: 0.1 ... 1.9.3 (119 versions)
A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names.
- CVE-2020-2309 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 1.21.6 | 2020-11-04
vulnerable: 0.1 ... 1.9.3 (119 versions)
A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
- CVE-2023-30513 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 3910.ve59cec5e33ea | 2023-04-12
vulnerable: 0.1 ... 3909.v1f2c633e8590 (229 versions)
Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.