Vulnerability Details CVE-2023-24425
Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.6%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2023-24425
-
cpe:2.3:a:jenkins:kubernetes_credentials_provider:-
-
cpe:2.3:a:jenkins:kubernetes_credentials_provider:0.10
-
cpe:2.3:a:jenkins:kubernetes_credentials_provider:0.11
-
cpe:2.3:a:jenkins:kubernetes_credentials_provider:0.12.1
-
cpe:2.3:a:jenkins:kubernetes_credentials_provider:0.13
-
cpe:2.3:a:jenkins:kubernetes_credentials_provider:0.14
-
cpe:2.3:a:jenkins:kubernetes_credentials_provider:0.15
-
cpe:2.3:a:jenkins:kubernetes_credentials_provider:0.16
-
cpe:2.3:a:jenkins:kubernetes_credentials_provider:0.17
-
cpe:2.3:a:jenkins:kubernetes_credentials_provider:0.18
-
cpe:2.3:a:jenkins:kubernetes_credentials_provider:0.18-1
-
cpe:2.3:a:jenkins:kubernetes_credentials_provider:0.18.1
-
cpe:2.3:a:jenkins:kubernetes_credentials_provider:0.19
-
cpe:2.3:a:jenkins:kubernetes_credentials_provider:0.20
-
cpe:2.3:a:jenkins:kubernetes_credentials_provider:0.21
-
cpe:2.3:a:jenkins:kubernetes_credentials_provider:0.22
-
cpe:2.3:a:jenkins:kubernetes_credentials_provider:0.8
-
cpe:2.3:a:jenkins:kubernetes_credentials_provider:0.9
-
cpe:2.3:a:jenkins:kubernetes_credentials_provider:1.196.va_55f5e31e3c2
-
cpe:2.3:a:jenkins:kubernetes_credentials_provider:1.199.v4a_1d1f5d074f
-
cpe:2.3:a:jenkins:kubernetes_credentials_provider:1.201.v11b_14c7a_0772
-
cpe:2.3:a:jenkins:kubernetes_credentials_provider:1.206.v7ce2cf7b_0c8b
-
cpe:2.3:a:jenkins:kubernetes_credentials_provider:1.208.v128ee9800c04