// For flags

CVE-2017-1000094

 

Severity Score

6.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability.

El plugin Docker Commons proporciona una lista de ID de credenciales aplicables para permitir a los usuarios configurar una tarea para que escojan la que les apetezca utilizar para autenticarse con un registro Docker. Esta funcionalidad no chequea permisos, lo que permite que cualquier usuario con permiso Overall/Read obtenga una lista de ID de credenciales vĂ¡lidos. Se podrĂ­an utilizar como parte de un ataque para capturar las credenciales utilizando otra vulnerabilidad.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-07-13 CVE Reserved
  • 2017-10-04 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://jenkins.io/security/advisory/2017-07-10 2017-10-17
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Jenkins
Search vendor "Jenkins"
 Docker Commons
Search vendor "Jenkins" for product "Docker Commons"
 <= 1.9
Search vendor "Jenkins" for product "Docker Commons" and version " <= 1.9"
jenkins
Affected