83 matches found
com.nirima:docker-plugin (>=0.17 <=1.0.4), com.testinium.jenkins:testinium (=1.0) +39 more potentially affected by CVE-2022-20616 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=1.24)
org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =0.17, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =1.2.7, =0.1.0, =0.1.1, =0.4.2 and more Source cves: CVE-2022-20616 Source advisory: OSV:GHSA-GQM2-2GCX-P88W...
CVE-2022-20617
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...
Unspecified Vulnerability in CloudBees Jenkins Docker Plugin
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Docker Plugin is used in one of the plugin to...
Unspecified vulnerability in CloudBees Jenkins Docker plugin (CNVD-2019-23799)
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Docker Plugin is used in one of the plugin to...
CVE-2019-10341
A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...
CVE-2019-10341
A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...
CVE-2019-10342
A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...
CVE-2019-10340
A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
CVE-2019-10342
A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...
CVE-2019-10340
A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
Information disclosure
A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...
Design/Logic Flaw
A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...
Cross site request forgery (csrf)
A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
CVE-2019-10342
CVE-2019-10342 describes a missing permission check in the Jenkins Docker Plugin (versions 1.1.6 and earlier) that allows users with Overall/Read access to enumerate credentials IDs stored in Jenkins via various fillCredentialsIdItems methods. The issue originates from inadequate authorization in...
CVE-2019-10342
A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...
CVE-2019-10341
A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...
CVE-2019-10341
Summary: CVE-2019-10341 affects Jenkins Docker Plugin 1.1.6 and earlier. A missing permission check in the DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker‑specified URL using attacker‑specified credentials IDs, potentially capturing crede...
CVE-2019-10340
A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
CVE-2019-10340
Jenkins Docker Plugin ≤ 1.1.6 is affected by a cross-site request forgery via DockerAPI.DescriptorImpl#doTestConnection. The vulnerability allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing credentials stor...
PT-2019-11741 · Jenkins · Jenkins Docker Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Docker Plugin versions 1.1.6 and earlier Description: A missing permission check in the Jenkins Docker Plugin allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. This issue is related t...