GHSA-xrg9-wwrq-xmx9

Source

https://github.com/advisories/GHSA-xrg9-wwrq-xmx9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-xrg9-wwrq-xmx9/GHSA-xrg9-wwrq-xmx9.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-xrg9-wwrq-xmx9

Aliases

CVE-2021-21661

Published

2021-06-16T17:11:30Z

Modified

2023-11-01T04:54:20.679242Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Missing Authorization in Jenkins Kubernetes CLI Plugin

Details

Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Database specific

{
    "cwe_ids": [
        "CWE-862"
    ],
    "github_reviewed_at": "2021-06-14T19:17:11Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "nvd_published_at": "2021-06-10T15:15:00Z"
}

References

Affected packages

Maven / org.jenkins-ci.plugins:kubernetes-cli

Package

Name: org.jenkins-ci.plugins:kubernetes-cli; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/kubernetes-cli

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.1

Affected versions

0.*

0.1.0

1.*

1.0.0

1.1.0

1.2.0

1.3.0

1.4.0

1.5.0

1.6.0

1.7.0

1.8.0

1.8.1

1.8.2

1.8.3

1.9.0

1.10.0