CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Jenkins: >> Docker-Build-Step Security Vulnerabilities

CVE-2024-2215

A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions.

CVSS Score

6.1

EPSS Score

0.0

Published

2024-03-06

CVE-2024-2216

A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions.

CVSS Score

8.8

EPSS Score

0.001

Published

2024-03-06

Page 1

Vulnerabilities

Vulnerable Software

Jenkins: >> Docker-Build-Step Security Vulnerabilities

Products

Pricing

Contact Us