CVE-2019-10341

CWE-862Missing Authorization5 documents5 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 61.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins DockerJenkins Project Jenkins Docker Plugin
Timeline
PublishedJul 11
Latest updateMay 24

Description

A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_docker_plugin1.1.6 and earlier
NVDjenkins/docker1.1.6

🔴Vulnerability Details

3
GHSA
Missing permission check in Jenkins Docker Plugin2022-05-24
OSV
Missing permission check in Jenkins Docker Plugin2022-05-24
CVEList
CVE-2019-10341: A missing permission check in Jenkins Docker Plugin 12019-07-11

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2019-07-112019-07-11
CVE-2019-10341 (MEDIUM CVSS 6.5) | A missing permission check in Jenki | cvebase.io