3 matches found
Artifact Hub has Incorrect Docker Hub registry check
Impact During a security audit of Artifact Hub's code base, a security researcher at OffSec identified a bug in which the registryIsDockerHub function was only checking that the registry domain had the docker.io suffix. Artifact Hub allows providing some Docker credentials that are used to increa...
CVE-2022-45385
A missing permission check in Jenkins CloudBees Docker Hub/Registry Notification Plugin 2.6.2 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository...
PT-2022-27487 · Cloudbees +1 · Jenkins Cloudbees Docker Hub/Registry Notification Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins CloudBees Docker Hub/Registry Notification Plugin versions 2.6.2 and earlier Description: A missing permission check in the Jenkins CloudBees Docker Hub/Registry Notification Plugin allows unauthenticated attackers to trigger builds o...