CVE-2019-16576

Name of the Vulnerable Software and Affected Versions Jenkins Alauda Kubernetes Support Plugin versions 2.3.0 and earlier

Description A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing the Kubernetes service account token or credentials stored in Jenkins.

Recommendations For Jenkins Alauda Kubernetes Support Plugin versions 2.3.0 and earlier, update to a version that includes the fix for the missing permission check to prevent attackers from exploiting this issue.