Medium severity 6.5 · NVD Advisory · Published Oct 5, 2017 · Updated May 13, 2026

CVE-2017-1000094

Description

Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
org.jenkins-ci.plugins:docker-commons (Maven) | < 1.8 | 1.8

Patches

07ddeff53316

[SECURITY-533] Enforce EXTENDED_READ before supplying credentials IDs

2 files changed · +8 0
  • src/main/java/org/jenkinsci/plugins/docker/commons/credentials/DockerRegistryEndpoint.java+4 0 modified
    @@ -285,6 +285,10 @@ public String getDisplayName() {
             }
     
             public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item) {
    +            if (item == null && !Jenkins.getActiveInstance().hasPermission(Jenkins.ADMINISTER) ||
    +                item != null && !item.hasPermission(Item.EXTENDED_READ)) {
    +                return new StandardListBoxModel();
    +            }
                 // TODO may also need to specify a specific authentication and domain requirements
                 return new StandardListBoxModel()
                         .withEmptySelection()
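
Review bot: The added condition at the top of doFillCredentialsIdItems mixes && and || with no parentheses, so it is only correct because && binds tighter than ||; wrap each half in its own parentheses so the two cases (no item: require Jenkins.ADMINISTER; item present: require Item.EXTENDED_READ) read unambiguously. The denied branch also returns a bare new StandardListBoxModel(), while the permitted path begins with .withEmptySelection(); consider returning the empty selection in the denied branch as well so the form shows the same "none" entry to a user who fails the check. The TODO about authentication and domain requirements is left in place directly below the new guard and is worth resolving or tracking alongside this fix.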
    
  • src/main/java/org/jenkinsci/plugins/docker/commons/credentials/DockerServerEndpoint.java+4 0 modified
    @@ -180,6 +180,10 @@ public String getDisplayName() {
             }
     
             public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item, @QueryParameter String uri) {
    +            if (item == null && !Jenkins.getActiveInstance().hasPermission(Jenkins.ADMINISTER) ||
    +                item != null && !item.hasPermission(Item.EXTENDED_READ)) {
    +                return new StandardListBoxModel();
    +            }
                 List<DomainRequirement> domainRequirements = URIRequirementBuilder.fromUri(uri).build();
                 domainRequirements.add(new DockerServerDomainRequirement());
                 return new StandardListBoxModel()
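
Review bot: The four-line permission guard here is a verbatim copy of the one added to DockerRegistryEndpoint.doFillCredentialsIdItems; move it into one shared helper that both endpoints call, so a later change to the required permission cannot be applied to one file and missed in the other. Both changed files are under src/main, so the commit carries no test for the new behaviour; add one that calls each doFillCredentialsIdItems as a user without Item.EXTENDED_READ (and, with a null item, without Jenkins.ADMINISTER) and asserts the returned model is empty. Placing the guard before URIRequirementBuilder.fromUri(uri) is right, since the caller-supplied uri is not parsed until the check has passed.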
    
