CVE-2024-2216
- EPSS 0.11%
- Veröffentlicht 06.03.2024 17:15:11
- Zuletzt bearbeitet 18.09.2025 16:28:21
A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the prov...
CVE-2019-10340
- EPSS 0.13%
- Veröffentlicht 11.07.2019 14:15:10
- Zuletzt bearbeitet 21.11.2024 04:18:55
A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs...
CVE-2019-10341
- EPSS 0.17%
- Veröffentlicht 11.07.2019 14:15:10
- Zuletzt bearbeitet 21.11.2024 04:18:55
A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained throug...
CVE-2019-10342
- EPSS 0.04%
- Veröffentlicht 11.07.2019 14:15:10
- Zuletzt bearbeitet 21.11.2024 04:18:55
A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.