85 matches found
CVE-2019-10342
CVE-2019-10342 describes a missing permission check in the Jenkins Docker Plugin (versions 1.1.6 and earlier) that allows users with Overall/Read access to enumerate credentials IDs stored in Jenkins via various fillCredentialsIdItems methods. The issue originates from inadequate authorization in...
PT-2019-11739 · Jenkins · Jenkins Docker Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Docker Plugin versions 1.1.6 and earlier Description: A cross-site request forgery issue allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing...
PT-2019-11740 · Jenkins · Jenkins Docker Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Docker Plugin versions 1.1.6 and earlier Description: A missing permission check in the DockerAPI.DescriptorImpldoTestConnection function allowed users with Overall/Read access to connect to an attacker-specified URL using...
PT-2019-11741 · Jenkins · Jenkins Docker Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Docker Plugin versions 1.1.6 and earlier Description: A missing permission check in the Jenkins Docker Plugin allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. This issue is related t...
[SECURITY] Fedora 24 Update: pulp-docker-2.0.1-1.fc24
Provides a collection of Pulp server plugins and admin client extensions to support Docker content...