CVE-2020-2308

Aliases:GHSA-rr6j-37cv-c7x7

Advisory lineage Upstream: 0 Downstream: 3

Downstream

RHSA-2021:0034 RHSA-2021:0038 RHSA-2021:0637

Modified

Published: 04 Nov 2020, 14:35

Last modified:04 Aug 2024, 07:09

Vulnerability Summary

Overall Risk (default)

low

17/100

CVSS Score

4.3 MEDIUM

v3.1 (nvd)

EPSS Score

0.09% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

04 Nov 2020, 14:35

Published

Vulnerability first disclosed

04 Aug 2024, 07:09

Last Modified

Vulnerability information updated

Description

A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names.

CVSS Metrics

v3.1•MEDIUM•Score: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
v2.0•MEDIUM•Score: 4AV:N/AC:L/Au:S/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.09%• Percentile: 25%

Affected Systems

jenkins project•jenkins kubernetes plugin
≥ 1.27.1, < unspecified | ≥ unspecified, ≤ 1.27.3
jenkins•kubernetes
≤ 1.27.3
org.csanchez.jenkins.plugins•kubernetes
≥ 1.27.1, < 1.27.4 | ≥ 1.26.0, < 1.26.5 | ≥ 1.22.0, < 1.25.4.1 | < 1.21.6