cbcvebase.
CVE-2021-21661
published 2021-06-10

CVE-2021-21661: Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission…

medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
EXPLOIT
Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Affected

7 ranges
VendorProductVersion rangeFixed in
jenkinsids_in_kubernetes_cli_plugin
jenkinsids_in_xebialabs_xl_deploy_plugin
jenkinskiuwan_plugin
jenkinskubernetes<= 1.10.0
jenkinskubernetes_cli_plugin
jenkinsxebialabs_xl_deploy_plugin
jenkins_projectjenkins_kubernetes_cli_pluginunspecified – 1.10.0