CVE-2022-27211: 
Java vulnerability analysis and mitigation

CVE-2022-27211 is a permission check vulnerability in the Jenkins Kubernetes Continuous Deploy Plugin version 2.3.1 and earlier, disclosed on March 15, 2022. The vulnerability affects the plugin's HTTP endpoint implementation and impacts Jenkins installations using this plugin (Jenkins Advisory).

The vulnerability stems from a missing permission check in an HTTP endpoint of the Kubernetes Continuous Deploy Plugin. This security flaw allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs that were obtained through other means. The vulnerability has been assigned a High severity (CVSS) rating (Jenkins Advisory).

The vulnerability enables attackers with Overall/Read permission to potentially capture credentials stored in Jenkins by connecting to an attacker-controlled SSH server using credential IDs obtained through other methods. This could lead to unauthorized access to sensitive credentials and potential compromise of connected systems (Jenkins Advisory).

As of the advisory publication on March 15, 2022, no fix was available for this vulnerability in the Kubernetes Continuous Deploy Plugin. Organizations using version 2.3.1 or earlier of the plugin should assess their risk and consider implementing additional access controls to limit Overall/Read permissions (Jenkins Advisory).