Jenkins · Jenkins Kubernetes Credentials Provider Plugin · CVE-2023-24425
**Name of the Vulnerable Software and Affected Versions**
Jenkins Kubernetes Credentials Provider Plugin versions 1.208.v128ee9800c04 and earlier
**Description**
The plugin does not set the appropriate context for Kubernetes credentials lookup. As a result, attackers with Item/Configure permission can access and potentially capture Kubernetes credentials they are not entitled to.
**Recommendations**
If you run Jenkins Kubernetes Credentials Provider Plugin version 1.208.v128ee9800c04 or earlier, update to a version that sets the appropriate context for Kubernetes credentials lookup, which prevents this unauthorized access.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.