Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Affected Packages

Maven org.jenkins-ci.plugins:kubernetes-cli

Affected versions: 0 (fixed in 1.10.1)

Related CVEs

CVE-2021-21661

Key Information

GHSA ID

GHSA-xrg9-wwrq-xmx9

Published

June 16, 2021 5:11 PM

Last Modified

October 27, 2023 3:33 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:kubernetes-cli

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 27, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.