Medium severity6.5NVD Advisory· Published Oct 5, 2017· Updated Jun 17, 2026
CVE-2017-1000094
CVE-2017-1000094
Description
Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:docker-commonsMaven | < 1.8 | 1.8 |
Affected products
2- cpe:2.3:a:jenkins:docker_commons:*:*:*:*:*:jenkins:*:*Range: <=1.9
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-69cj-g7mw-mh72ghsaADVISORY
- jenkins.io/security/advisory/2017-07-10/nvdVendor Advisory
- nvd.nist.gov/vuln/detail/CVE-2017-1000094ghsaADVISORY
- github.com/jenkinsci/docker-commons-plugin/commit/07ddeff5331687db364d681504117b4e8b2dde6aghsaWEB
- jenkins.io/security/advisory/2017-07-10ghsaWEB
News mentions
0No linked articles in our index yet.