Information Exposure
A missing permission check in Jenkins Docker Plugin in various fillCredentialsIdItems methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
Advisories for Maven/Io.jenkins.docker/Docker-Plugin package
2019
Information Exposure
A missing permission check in Jenkins Docker Plugin in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Cross-Site Request Forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins Docker Plugin in DockerAPI.DescriptorImpl#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.