logo

Database

Improper authorization control for web services In org.jenkins-ci.plugins:docker-build-step

Description

Jenkins docker-build-step Plugin missing permission check A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. CVE-2024-22162. NVD-2024-22163. OSV-2024-22164. GCVE-2024-2216

References

1. https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-32002. http://www.openwall.com/lists/oss-security/2024/03/06/3

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.