CVE-2019-10342

2019-07-1113:55:17

jenkins

www.cve.org

4.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.9%

JSON

A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various ‘fillCredentialsIdItems’ methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

CNA Affected

[
  {
    "product": "Jenkins Docker Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "status": "affected",
        "version": "1.1.6 and earlier"
      }
    ]
  }
]