CVE-2022-27209 in Kubernetes and Jenkins Products
Published on March 15, 2022

A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

NVD

Products Associated with CVE-2022-27209

stack.watch emails you whenever new vulnerabilities are published in Kubernetes Continuous Deploy or Jenkins Kubernetes Continuous Deploy. Just hit a watch button to start following.

Kubernetes Continuous Deploy

Jenkins Kubernetes Continuous Deploy

Affected Versions

Jenkins project Jenkins Kubernetes Continuous Deploy Plugin:

Version unspecified, <= 2.3.1 is affected.
Version next of 2.3.1 and below unspecified is unknown.

Exploit Probability

EPSS

0.13%

Percentile

32.90%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2022-27209 in Kubernetes and Jenkins ProductsPublished on March 15, 2022

Products Associated with CVE-2022-27209

Affected Versions

Exploit Probability

CVE-2022-27209 in Kubernetes and Jenkins Products
Published on March 15, 2022