CVE-2020-2308
published 2020-11-04CVE-2020-2308: A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names.
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | active_directory_plugin | — | — |
| jenkins | ansible_plugin | — | — |
| jenkins | appspider_plugin | — | — |
| jenkins | authentication_cache_in_active_directory_plugin | — | — |
| jenkins | aws_global_configuration_plugin | — | — |
| jenkins | azure_key_vault_plugin | — | — |
| jenkins | findbugs_plugin | — | — |
| jenkins | ids_in_azure_key_vault_plugin | — | — |
| jenkins | jenkins-ci_plugin | — | — |
| jenkins | kubernetes | <= 1.27.3 | — |
| jenkins | kubernetes_plugin | — | — |
| jenkins | mail_commander_plugin | — | — |
| jenkins | mercurial_plugin | — | — |
| jenkins | sqlplus_script_runner_plugin | — | — |
| jenkins | static_analysis_utilities_plugin | — | — |
| jenkins | subversion_plugin | — | — |
| jenkins | visualworks_store_plugin | — | — |
| jenkins | vmware_lab_manager_slaves_plugin | — | — |
| jenkins_project | jenkins_kubernetes_plugin | >= 1.27.1 < unspecified | unspecified |
| jenkins_project | jenkins_kubernetes_plugin | unspecified – 1.27.3 | — |