CVE-2019-10342

2019-07-1114:15:10

Google

osv.dev

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.9%

JSON

A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various ‘fillCredentialsIdItems’ methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

CPENameOperatorVersion
docker-plugineqdocker-plugin-0.6.2
docker-plugineqdocker-plugin-0.9.0-rc1
docker-plugineqdocker-plugin-1.1
docker-plugineqdocker-plugin-0.3.3
docker-plugineqdocker-plugin-parent-1.0.2
docker-plugineqdocker-plugin-0.10.1
docker-plugineqdocker-plugin-parent-0.18
docker-plugineqdocker-plugin-0.11.0
docker-plugineqdocker-plugin-0.3.1
docker-plugineqdocker-plugin-0.3.5

Name	Operator	Version
docker-plugin	eq	docker-plugin-0.6.2
docker-plugin	eq	docker-plugin-0.9.0-rc1
docker-plugin	eq	docker-plugin-1.1
docker-plugin	eq	docker-plugin-0.3.3
docker-plugin	eq	docker-plugin-parent-1.0.2
docker-plugin	eq	docker-plugin-0.10.1
docker-plugin	eq	docker-plugin-parent-0.18
docker-plugin	eq	docker-plugin-0.11.0
docker-plugin	eq	docker-plugin-0.3.1
docker-plugin	eq	docker-plugin-0.3.5