CVE-2020-2309

Summary

A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Kubernetes Pluginunspecified <= 1.27.3affected
Jenkins projectJenkins Kubernetes Plugin1.26.5unaffected
Jenkins projectJenkins Kubernetes Plugin1.25.4.1unaffected
Jenkins projectJenkins Kubernetes Plugin1.21.6unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References