CVE-2019-10342
published 2019-07-11CVE-2019-10342: A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | caliper_ci_plugin | — | — |
| jenkins | dependency_graph_viewer_plugin | — | — |
| jenkins | docker | <= 1.1.6 | — |
| jenkins | docker_plugin | — | — |
| jenkins | embeddable_build_status_plugin | — | — |
| jenkins | gogs_plugin | — | — |
| jenkins | ids_to_allow_users_configuring_the_plugin | — | — |
| jenkins | port_allocator_plugin | — | — |
| jenkins_project | jenkins_docker_plugin | — | — |