3 matches found
com.aliyun.www:aliyun-container-service-deploy (>=0.1.0 <=0.1.1), com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9) +50 more potentially affected by CVE-2017-1000094 via org.jenkins-ci.plugins:docker-commons (>=1.0 <=1.6)
org.jenkins-ci.plugins:docker-commons MAVEN version =1.0, =0.1.0, =1.9.2-beta, =1.0, =1.2, =1.0-beta-2, =0.1.0, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.2.0-beta-1 and more Source cves: CVE-2017-1000094 Source advisory: OSV:GHSA-69CJ-G7MW-MH72...
CVE-2017-1000094
Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid...
CVE-2017-1000094
The CVE-2017-1000094 entry concerns the Jenkins Docker Commons Plugin. The exposed issue is that the plugin enumerates credential IDs without proper permission checks, allowing any user with Overall/Read permission to retrieve a list of valid credentials IDs. This can facilitate credential theft ...