CVE-2020-2211
- EPSS 0.81%
- Published 02.07.2020 15:15:18
- Last modified 21.11.2024 05:24:58
Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
CVE-2019-10469
- EPSS 0.05%
- Published 23.10.2019 13:15:11
- Last modified 21.11.2024 04:19:12
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
CVE-2019-10470
- EPSS 0.05%
- Published 23.10.2019 13:15:11
- Last modified 21.11.2024 04:19:12
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
CVE-2019-10468
- EPSS 0.09%
- Published 23.10.2019 13:15:10
- Last modified 21.11.2024 04:19:12
A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials ...