PT-2019-14730 · Jenkins · Jenkins Alauda Kubernetes Support Plugin+1
Viktor Gazdag
·
Published
2019-12-17
·
Updated
2023-10-25
·
CVE-2019-16575
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Jenkins Alauda Kubernetes Support Plugin versions 2.3.0 and earlier
Description
A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing the Kubernetes service account token or credentials stored in Jenkins.
Recommendations
For Jenkins Alauda Kubernetes Support Plugin versions 2.3.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Alauda Kubernetes Support Plugin