CVE-2019-10342

CWE-862Missing Authorization5 documents5 sources
Severity
4.3MEDIUM
EPSS
0.0%
top 87.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins DockerJenkins Project Jenkins Docker Plugin
Timeline
PublishedJul 11
Latest updateMay 24

Description

A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_docker_plugin1.1.6 and earlier
NVDjenkins/docker1.1.6

🔴Vulnerability Details

3
GHSA
Missing permission check in Jenkins Docker Plugin2022-05-24
OSV
Missing permission check in Jenkins Docker Plugin2022-05-24
CVEList
CVE-2019-10342: A missing permission check in Jenkins Docker Plugin 12019-07-11

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2019-07-112019-07-11
CVE-2019-10342 (MEDIUM CVSS 4.3) | A missing permission check in Jenki | cvebase.io