Jenkins Kubernetes
By the Year
In 2024 there have been 0 vulnerabilities in Jenkins Kubernetes . Last year Kubernetes had 1 security vulnerability published. Right now, Kubernetes is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 7.50 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 4.30 |
| 2020 | 3 | 4.30 |
| 2019 | 0 | 0.00 |
| 2018 | 2 | 7.65 |
It may take a day or so for new Kubernetes vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Kubernetes Security Vulnerabilities
Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e
CVE-2023-30513
7.5 - High
- April 12, 2023
Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
Cleartext Transmission of Sensitive Information
Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints
CVE-2021-21661
4.3 - Medium
- June 10, 2021
Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Jenkins Kubernetes Plugin 1.27.3 and earlier
CVE-2020-2307
4.3 - Medium
- November 04, 2020
Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables.
A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier
CVE-2020-2308
4.3 - Medium
- November 04, 2020
A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names.
A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier
CVE-2020-2309
4.3 - Medium
- November 04, 2020
A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java
CVE-2018-1999040
8.8 - High
- August 01, 2018
An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
Information Disclosure
A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java
CVE-2018-1000187
6.5 - Medium
- June 05, 2018
A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs.
Information Disclosure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Kubernetes or by Jenkins? Click the Watch button to subscribe.
