CVE-2017-1000094

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-1000094
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-1000094.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-1000094
Aliases
Published
2017-10-05T01:29:03Z
Modified
2024-10-12T02:23:03.015811Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability.

References

Affected packages

Git / github.com/jenkinsci/docker-commons-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/docker-commons-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

docker-commons-1.*

docker-commons-1.0
docker-commons-1.0-alpha-1
docker-commons-1.0-alpha-10
docker-commons-1.0-alpha-11
docker-commons-1.0-alpha-12
docker-commons-1.0-alpha-13
docker-commons-1.0-alpha-14
docker-commons-1.0-alpha-2
docker-commons-1.0-alpha-3
docker-commons-1.0-alpha-4
docker-commons-1.0-alpha-5
docker-commons-1.0-alpha-6
docker-commons-1.0-alpha-7
docker-commons-1.0-alpha-8
docker-commons-1.0-alpha-9
docker-commons-1.0-beta-1
docker-commons-1.1
docker-commons-1.2
docker-commons-1.3
docker-commons-1.3.1
docker-commons-1.4.0
docker-commons-1.4.1
docker-commons-1.5
docker-commons-1.6
docker-commons-1.7
docker-commons-1.8
docker-commons-1.9