-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
JavaJavaMiggo AIRoot Cause AnalysisThe vulnerability stems from the doFillCredentialsIdItems method in KubectlBuildWrapper.java which handles credential enumeration. The commit diff shows a security check was added requiring either ADMINISTER or EXTENDED_READ permissions. Prior to this fix, the method didn't perform any permission validation, enabling unauthorized credential ID enumeration. The CWE-862 classification and advisory descriptions directly match this missing authorization pattern in an HTTP endpoint.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.csanchez.jenkins.plugins:kubernetes | maven | >= 1.27.0, < 1.27.4 | 1.27.4 |
| org.csanchez.jenkins.plugins:kubernetes | maven | >= 1.26.0, < 1.26.5 | 1.26.5 |
| org.csanchez.jenkins.plugins:kubernetes | maven | >= 1.22.0, < 1.25.4.1 | 1.25.4.1 |
| org.csanchez.jenkins.plugins:kubernetes | maven | < 1.21.6 | 1.21.6 |