CVE-2017-1000094
CVE-2017-1000094 is a vulnerability of currently unknown severity. Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. EPSS estimates a 0.97% chance of exploitation in the next 30 days.
Description
Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Docker Commons | <= 1.9 |
References
- https://jenkins.io/security/advisory/2017-07-10/ (Vendor Advisory)
Source: NVD / NIST
