CVE-2020-2308

Name of the Vulnerable Software and Affected Versions Jenkins Kubernetes Plugin versions 1.27.3 and earlier Jenkins Kubernetes Plugin versions prior to 1.27.4 Jenkins Kubernetes Plugin versions prior to 1.26.5 Jenkins Kubernetes Plugin versions prior to 1.25.4.1 Jenkins Kubernetes Plugin versions prior to 1.21.6

Description A missing permission check in the Jenkins Kubernetes Plugin allows attackers with Overall/Read permission to list global pod template names. This issue is related to an HTTP endpoint that does not perform a permission check, enabling attackers to exploit this weakness.

Recommendations For Jenkins Kubernetes Plugin version 1.27.3 and earlier, update to version 1.27.4 or later. For Jenkins Kubernetes Plugin versions prior to 1.26.5, update to version 1.26.5 or later. For Jenkins Kubernetes Plugin versions prior to 1.25.4.1, update to version 1.25.4.1 or later. For Jenkins Kubernetes Plugin versions prior to 1.21.6, update to version 1.21.6 or later.