Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by vendor Jenkins
Filtered by product Kubernetes
Angry Yack Logo
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-30513 1 Jenkins 1 Kubernetes 2025-02-07 N/A 7.5 HIGH
Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
CVE-2021-21661 1 Jenkins 1 Kubernetes 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2020-2309 1 Jenkins 1 Kubernetes 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2020-2308 1 Jenkins 1 Kubernetes 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names.
CVE-2020-2307 1 Jenkins 1 Kubernetes 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables.
CVE-2018-1999040 1 Jenkins 1 Kubernetes 2024-11-21 4.0 MEDIUM 8.8 HIGH
An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
CVE-2018-1000187 1 Jenkins 1 Kubernetes 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs.