Missing Permission Check in Jenkins Docker Plugin Allows Credential Enumeration
CVE-2019-10342
4.3 MEDIUM
Key Information:
- Vendor: Jenkins
- CVE Published: 11 July 2019
What is CVE-2019-10342?
The Jenkins Docker Plugin before version 1.1.7 contains a vulnerability where a missing permission check in certain 'fillCredentialsIdItems' methods enables users with Overall/Read access to enumerate stored credential IDs. This flaw could expose sensitive information, allowing unauthorized users to gain insights into the credentials managed in Jenkins, potentially leading to further exploitation.
Affected Version(s)
Jenkins Docker Plugin 1.1.6 and earlier