Fluid Attacks Database

Description

Missing permission check in Jenkins Docker Plugin A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	io.jenkins.docker:docker-plugin	>=0 <1.1.7	1.1.7

Aliases

1. CVE-2019-103422. NVD-2019-103423. OSV-2019-103424. GCVE-2019-10342

References

1. https://jenkins.io/security/advisory/2019-07-11/#SECURITY-14002. http://www.openwall.com/lists/oss-security/2019/07/11/43. http://www.securityfocus.com/bid/109156