CVE-2018-1000187

MEDIUM6.5EPSS 0.32%

Exposure of Sensitive Information in Jenkins Kubernetes Plugin

Published: 5/14/2022Modified: 11/8/2023

Description

A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs.

Affected packages (1)

Maven/org.csanchez.jenkins.plugins:kubernetesfrom 0, < 1.7.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000187
WEBhttps://github.com/jenkinsci/kubernetes-plugin/commit/43a1d15b0875ae89ae16f2a2bfdd44ffd1e5f46d
WEBhttps://jenkins.io/security/advisory/2018-06-04/#SECURITY-883
WEBhttps://www.jenkins.io/security/advisory/2018-06-04/#SECURITY-883