CVE-2019-10342
Description
Jenkins Docker Plugin 1.1.6 and earlier had a missing permission check allowing users with Overall/Read to enumerate credential IDs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
CVE-2019-10342 is a missing permission check in the Jenkins Docker Plugin (versions 1.1.6 and earlier). The fillCredentialsIdItems methods did not verify that the user had the required permissions, allowing users with Overall/Read access to enumerate credential IDs stored in Jenkins [1][2].
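A source-audit check for this bug class, added here as an example and not taken from the plugin or the advisory: it flags Stapler form-fill methods (named doFill...Items in Jenkins plugins) whose body contains no hasPermission or checkPermission call. The two Java snippets are constructed samples, and the function names and the textual heuristic are assumptions of this example.

```python
import re

# Constructed Java samples, not the Docker Plugin's source. UNGUARDED lists
# credentials for any caller; GUARDED returns early without Overall/Administer.
UNGUARDED = """
public ListBoxModel doFillCredentialsIdItems(@QueryParameter String credentialsId) {
    return new StandardListBoxModel().includeEmptyValue()
        .includeAs(ACL.SYSTEM, Jenkins.get(), StandardCredentials.class);
}
"""
GUARDED = """
public ListBoxModel doFillCredentialsIdItems(@QueryParameter String credentialsId) {
    StandardListBoxModel result = new StandardListBoxModel();
    if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
        return result.includeCurrentValue(credentialsId);
    }
    return result.includeEmptyValue()
        .includeAs(ACL.SYSTEM, Jenkins.get(), StandardCredentials.class);
}
"""

FILL_METHOD = re.compile(r"\b(doFill\w+Items)\s*\(")
PERMISSION_CALL = re.compile(r"\b(?:hasPermission|checkPermission)\s*\(")

def _closing(src, start, open_ch, close_ch):
    """Return the index of the delimiter that closes the one at src[start]."""
    depth = 0
    for i in range(start, len(src)):
        if src[i] == open_ch:
            depth += 1
        elif src[i] == close_ch:
            depth -= 1
            if depth == 0:
                return i
    raise ValueError("unbalanced delimiters")

def unguarded_fill_methods(java_source):
    """Names of doFill*Items methods whose body contains no permission call."""
    findings = []
    for m in FILL_METHOD.finditer(java_source):
        params_end = _closing(java_source, m.end() - 1, "(", ")")
        body_start = java_source.find("{", params_end)
        # Skip call sites and abstract declarations, which end in ';'.
        if body_start == -1 or ";" in java_source[params_end:body_start]:
            continue
        body = java_source[body_start:_closing(java_source, body_start, "{", "}") + 1]
        if not PERMISSION_CALL.search(body):
            findings.append(m.group(1))
    return findings
```

A hit is a candidate for manual review, not a confirmed finding: the check is textual, so a permission call that guards the wrong object, or braces inside string literals, will mislead it.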
Exploitation
An attacker with only Overall/Read permission could exploit this by triggering the fillCredentialsIdItems methods to obtain a list of valid credential IDs. This enumeration could then be combined with another vulnerability (such as CVE-2019-10340, a CSRF and permission check issue in the same plugin) to capture the actual credentials [2].
Impact
Successful exploitation allows an attacker to learn which credential IDs exist, aiding in targeted attacks. While the IDs themselves are not the full credentials, they provide the necessary information to leverage other flaws to capture the credentials [2][3].
Mitigation
The vulnerability is fixed in Docker Plugin version 1.1.7, released July 11, 2019. Users should upgrade immediately. No other workarounds are mentioned in the advisory [2][3].
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| io.jenkins.docker:docker-plugin (Maven) | < 1.1.7 | 1.1.7 |
Affected products
- Range: 1.1.6 and earlier
References
- github.com/advisories/GHSA-745w-v492-4fj5 (advisory)
- nvd.nist.gov/vuln/detail/CVE-2019-10342 (advisory)
- www.openwall.com/lists/oss-security/2019/07/11/4 (mailing list)
- www.securityfocus.com/bid/109156 (BID entry)
- jenkins.io/security/advisory/2019-07-11/ (vendor confirmation)