CVE-2019-10365

CWE-668 — Exposure to Wrong Sphere5 documents5 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 75.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Kubernetes Engine Jenkins Project Jenkins Google Kubernetes Engine Plugin

Timeline

PublishedJul 31

Latest updateMay 24

Description

Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5jenkins_project/jenkins_google_kubernetes_engine_plugin0.6.2 and earlier

▶Mavenorg.jenkins-ci.plugins:google-kubernetes-engine< 0.6.3

▶NVDgoogle/kubernetes_engine0.6.2

🔴Vulnerability Details

GHSA

Jenkins Google Kubernetes Engine Plugin vulnerable to Exposure of Resource to Wrong Sphere↗2022-05-24

▶

OSV

Jenkins Google Kubernetes Engine Plugin vulnerable to Exposure of Resource to Wrong Sphere↗2022-05-24

▶

CVEList

CVE-2019-10365: Jenkins Google Kubernetes Engine Plugin 0↗2019-07-31

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2019-07-31↗2019-07-31

▶