Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-wwr4-79jv-297r

GitHub Security Advisory

Missing permission checks in Google Kubernetes Engine Jenkins Plugin

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

A missing permission check in Jenkins Google Kubernetes Engine Plugin Prior to version 0.7.1 allows attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID. This issue is patched in version 0.7.1

Affected Packages

Maven org.jenkins-ci.plugins:google-kubernetes-engine
Affected versions: 0 (fixed in 0.7.1)

Related CVEs

CVE-2019-10445

Key Information

GHSA ID
GHSA-wwr4-79jv-297r
Published
May 24, 2022 4:58 PM
Last Modified
December 6, 2022 9:48 PM
CVSS Score
5.0 /10
Primary Ecosystem
Maven
Primary Package
org.jenkins-ci.plugins:google-kubernetes-engine
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 3, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.