[JENKINS:SECURITY-1345] `google-kubernetes-engine` stored temporary secret in a user accessible location

Severity Medium

Affected Packages 2

Fixed Packages 2

CVEs 1

google-kubernetes-engine created a temporary file named .kube…config containing a temporary access token in the project workspace.
This allowed the file to be accessed via workspace browsers, or accidentally archived, disclosing the token.

This temporary file is now created outside the regular project workspace.

Package	Affected Version
pkg:maven/org.jenkins-ci.plugins/google-kubernetes-engine	<= 0.6.2
pkg:github/jenkinsci/google-kubernetes-engine-plugin	<= 0.6.2

Package	Fixed Version
pkg:maven/org.jenkins-ci.plugins/google-kubernetes-engine	= 0.6.3
pkg:github/jenkinsci/google-kubernetes-engine-plugin	= 0.6.3

ID

JENKINS:SECURITY-1345

Severity

medium

Published

2019-07-31T00:00:00
(5 years ago)

Modified

2019-07-31T00:00:00
(5 years ago)

Rights

Jenkins Security Team

Other Advisories

MAVEN:GHSA-XW4C-9434-3F7P

Source	# ID	Name	URL
Plugin repository		google-kubernetes-engine repository	https://github.com/jenkinsci/google-kubernetes-engine-plugin

Type	Package URL	Namespace	Name / Product	Version
Affected	pkg:maven/org.jenkins-ci.plugins/google-kubernetes-engine	org.jenkins-ci.plugins	google-kubernetes-engine	<= 0.6.2
Fixed	pkg:maven/org.jenkins-ci.plugins/google-kubernetes-engine	org.jenkins-ci.plugins	google-kubernetes-engine	= 0.6.3
Affected	pkg:github/jenkinsci/google-kubernetes-engine-plugin	jenkinsci	google-kubernetes-engine-plugin	<= 0.6.2
Fixed	pkg:github/jenkinsci/google-kubernetes-engine-plugin	jenkinsci	google-kubernetes-engine-plugin	= 0.6.3

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date