Description
A missing or incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate the IDs of credentials stored in Jenkins.
Remediation
References
https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2103