GHSA-2jpx-h8j2-g8m4, CVE-2023-24425
maven/com.cloudbees.jenkins.plugins/kubernetes-credentials-provider
Exposure of system-scoped Kubernetes credentials in Jenkins Kubernetes Credentials Provider Plugin
Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to.
All versions before 1.209.v862c6e5fb
Upgrade to version 1.209.v862c6e5fb or above.
2023-01-27
source |