Advisories for Maven/Org.jenkins-Ci.plugins/Google-Kubernetes-Engine package

Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission.

Jenkins Google Kubernetes Engine Plugin does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.

A missing permission check in Jenkins Google Kubernetes Engine Plugin allows attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID.