CVEDB API

Vulnerabilities

Vulnerable Software

Jenkins: >> Docker >> 0.10.1 Security Vulnerabilities

CVE-2019-10340

A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVSS Score

8.8

EPSS Score

0.001

Published

2019-07-11

CVE-2019-10341

A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVSS Score

6.5

EPSS Score

0.002

Published

2019-07-11

CVE-2019-10342

A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

CVSS Score

4.3

EPSS Score

0.0

Published

2019-07-11

Page 1

Vulnerabilities

Vulnerable Software

Jenkins: >> Docker >> 0.10.1 Security Vulnerabilities

Products

Pricing

Contact Us