CVE-2018-1999040

HIGH

An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.

CVSS v3.0 Score

8.8

/ 10.0

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Information

Published: 1 août 2018
Updated: 21 nov. 2024
Status: Modified
Source: cve@mitre.org

Affected products

jenkins kubernetesAll Kubernetes CVEs →

Versions : 1.10.1

Weaknesses (CWE)

CWE-200

References (2)

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1016
Vendor Advisory
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1016
Vendor Advisory

Similar CVEs

Other vulnerabilities of type CWE-200

Loading…

Monitor your products

Get automatic alerts for every new CVE affecting your equipment.

Enable monitoring