PT-2019-14730 · Jenkins · Jenkins Alauda Kubernetes Support Plugin+1

Viktor Gazdag

Publicado

2019-12-17

Atualizado

2023-10-25

CVE-2019-16575

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Jenkins Alauda Kubernetes Support Plugin versions 2.3.0 and earlier

Description A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing the Kubernetes service account token or credentials stored in Jenkins.

Recommendations For Jenkins Alauda Kubernetes Support Plugin versions 2.3.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2019-16575

GHSA-5HVR-3FCR-WX8C

Produtos afetados

Jenkins

Jenkins Alauda Kubernetes Support Plugin

PT-2019-14730 · Jenkins · Jenkins Alauda Kubernetes Support Plugin+1

CVE-2019-16575

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5