GHSA-xw4c-9434-3f7p

GitHub Security Advisory

Jenkins Google Kubernetes Engine Plugin vulnerable to Exposure of Resource to Wrong Sphere

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file named `.kube…config` containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission.

This temporary file is now created outside the regular project workspace.

Affected Packages

Maven org.jenkins-ci.plugins:google-kubernetes-engine
Affected versions: 0 (fixed in 0.6.3)

Key Information

GHSA ID: GHSA-xw4c-9434-3f7p
Published: May 24, 2022 4:51 PM
Last Modified: October 26, 2023 4:22 PM
CVSS Score: 5.0/10
Primary Ecosystem: Maven
Primary Package: org.jenkins-ci.plugins:google-kubernetes-engine
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 3, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.