CVE-2023-24425

GHSA-2jpx-h8j2-g8m4, CVE-2023-24425

maven/com.cloudbees.jenkins.plugins/kubernetes-credentials-provider

Exposure of system-scoped Kubernetes credentials in Jenkins Kubernetes Credentials Provider Plugin

Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to.

All versions before 1.209.v862c6e5fb

Upgrade to version 1.209.v862c6e5fb or above.

2023-01-27