CVE-2020-2308

Summary

A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Kubernetes Plugin1.27.1 < unspecifiedaffected
Jenkins projectJenkins Kubernetes Pluginunspecified <= 1.27.3affected
Jenkins projectJenkins Kubernetes Plugin1.26.5unaffected
Jenkins projectJenkins Kubernetes Plugin1.25.4.1unaffected
Jenkins projectJenkins Kubernetes Plugin1.21.6unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References