VulnerableCode Package Details - pkg:maven/org.csanchez.jenkins.plugins/kubernetes@1.21.6

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2t2v-bwr2-vugu	Missing authorization in Jenkins Kubernetes Plugin Jenkins Kubernetes Plugin prior to 1.27.4, 1.26.5, 1.25.4.1, and 1.21.6 does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability. An enumeration of credentials IDs in Kubernetes Plugin 1.27.4, 1.26.5, 1.25.4.1, and 1.21.6 requires the appropriate permissions.	CVE-2020-2309 GHSA-g2r3-4g8q-h5rj
VCID-8t18-v493-jbam	Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Kubernetes Plugin Jenkins Kubernetes Plugin prior to 1.27.4, 1.26.5, 1.25.4.1, and 1.21.6 includes a feature to replace placeholders in pod template and container template fields with environment variable values. This feature allows low-privilege users to access possibly sensitive Jenkins controller environment variables. Kubernetes Plugin 1.27.4, 1.26.5, 1.25.4.1, and 1.21.6 disables this feature.	CVE-2020-2307 GHSA-fh5w-p2j4-4p8x
VCID-myg2-6ghy-hkgm	Missing Authorization in Jenkins Kubernetes Plugin Jenkins Kubernetes Plugin prior to 1.27.4, 1.26.5, 1.25.4.1, and 1.21.6 does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to list global pod template names. Kubernetes Plugin 1.27.4, 1.26.5, 1.25.4.1, and 1.21.6 requires Overall/Administer permission to list global pod template names.	CVE-2020-2308 GHSA-rr6j-37cv-c7x7

Vulnerability

Summary

Aliases

VCID-2t2v-bwr2-vugu

Missing authorization in Jenkins Kubernetes Plugin Jenkins Kubernetes Plugin prior to 1.27.4, 1.26.5, 1.25.4.1, and 1.21.6 does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability. An enumeration of credentials IDs in Kubernetes Plugin 1.27.4, 1.26.5, 1.25.4.1, and 1.21.6 requires the appropriate permissions.

CVE-2020-2309
GHSA-g2r3-4g8q-h5rj

VCID-8t18-v493-jbam

Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Kubernetes Plugin Jenkins Kubernetes Plugin prior to 1.27.4, 1.26.5, 1.25.4.1, and 1.21.6 includes a feature to replace placeholders in pod template and container template fields with environment variable values. This feature allows low-privilege users to access possibly sensitive Jenkins controller environment variables. Kubernetes Plugin 1.27.4, 1.26.5, 1.25.4.1, and 1.21.6 disables this feature.

CVE-2020-2307
GHSA-fh5w-p2j4-4p8x

VCID-myg2-6ghy-hkgm

Missing Authorization in Jenkins Kubernetes Plugin Jenkins Kubernetes Plugin prior to 1.27.4, 1.26.5, 1.25.4.1, and 1.21.6 does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to list global pod template names. Kubernetes Plugin 1.27.4, 1.26.5, 1.25.4.1, and 1.21.6 requires Overall/Administer permission to list global pod template names.

CVE-2020-2308
GHSA-rr6j-37cv-c7x7

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T16:01:50.227086+00:00	GHSA Importer	Fixing	VCID-myg2-6ghy-hkgm	https://github.com/advisories/GHSA-rr6j-37cv-c7x7	38.0.0
2026-04-01T16:01:49.973920+00:00	GHSA Importer	Fixing	VCID-2t2v-bwr2-vugu	https://github.com/advisories/GHSA-g2r3-4g8q-h5rj	38.0.0
2026-04-01T16:01:49.864428+00:00	GHSA Importer	Fixing	VCID-8t18-v493-jbam	https://github.com/advisories/GHSA-fh5w-p2j4-4p8x	38.0.0
2026-04-01T13:09:10.766650+00:00	GithubOSV Importer	Fixing	VCID-myg2-6ghy-hkgm	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rr6j-37cv-c7x7/GHSA-rr6j-37cv-c7x7.json	38.0.0
2026-04-01T13:08:15.892632+00:00	GithubOSV Importer	Fixing	VCID-2t2v-bwr2-vugu	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-g2r3-4g8q-h5rj/GHSA-g2r3-4g8q-h5rj.json	38.0.0
2026-04-01T13:07:50.413203+00:00	GithubOSV Importer	Fixing	VCID-8t18-v493-jbam	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fh5w-p2j4-4p8x/GHSA-fh5w-p2j4-4p8x.json	38.0.0