CVE-2019-10365

Exposure of Resource to Wrong Sphere in maven/org.jenkins-ci.plugins/google-kubernetes-engine

Identifiers

GHSA-xw4c-9434-3f7p, CVE-2019-10365

Package Slug

maven/org.jenkins-ci.plugins/google-kubernetes-engine

Vulnerability

Exposure of Resource to Wrong Sphere

Description

Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission.

Affected Versions

All versions before 0.6.3

Solution

Upgrade to version 0.6.3 or above.

Last Modified

2023-03-06

source