CVE-2019-10341
published 2019-07-11CVE-2019-10341: A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | caliper_ci_plugin | — | — |
| jenkins | dependency_graph_viewer_plugin | — | — |
| jenkins | docker | <= 1.1.6 | — |
| jenkins | docker_plugin | — | — |
| jenkins | embeddable_build_status_plugin | — | — |
| jenkins | gogs_plugin | — | — |
| jenkins | ids_to_allow_users_configuring_the_plugin | — | — |
| jenkins | port_allocator_plugin | — | — |
| jenkins_project | jenkins_docker_plugin | — | — |