VYPR
Moderate severity · NVD Advisory · Published Mar 6, 2024 · Updated Feb 13, 2025

CVE-2024-2216

Description

Missing permission check in Jenkins docker-build-step Plugin allows attackers with Overall/Read to connect to attacker-specified sockets and reconfigure the plugin.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The vulnerability is a missing permission check in an HTTP endpoint in the Jenkins docker-build-step Plugin versions 2.11 and earlier [1]. This endpoint is used for testing connections, and it does not verify that the user has the necessary permissions to perform such actions.

An attacker with Overall/Read permission can exploit this by sending a crafted request to the endpoint, specifying a TCP or Unix socket URL under their control [2]. Additionally, the attacker can modify the plugin's configuration via the provided connection test parameters, which affects future build step executions.

The impact is that an attacker can redirect Docker operations to an arbitrary server, potentially leading to unauthorized code execution or data exfiltration in the context of builds [1]. The plugin's configuration is persisted, meaning subsequent builds may use the attacker-controlled connection.

As of this advisory, the vulnerability remains unresolved and no patch is available [2]. Users are advised to restrict Overall/Read permission or to disable the plugin if it is not essential [1].
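To make the missing check concrete, here is an added illustration (not the plugin's own code; class, method and field names are hypothetical) of a Jenkins global-configuration connection-test endpoint in the vulnerable shape described above next to a hardened form: the hardened version requires Overall/Administer, accepts POST only, validates the URL scheme, and never persists the test parameters. The Unix-socket probe assumes Java 16 or later.

```java
import hudson.Extension;
import hudson.util.FormValidation;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;
import java.io.IOException;
import java.net.*;
import java.nio.channels.SocketChannel;
@Extension
public class DockerConnectionConfiguration extends GlobalConfiguration {  // hypothetical
    private String dockerUrl;
    // VULNERABLE PATTERN: no permission check, reachable by GET, and the caller's
    // test parameter is persisted as the new plugin configuration.
    public FormValidation doTestConnectionUnsafe(@QueryParameter String url) {
        boolean ok = tryConnect(url);
        dockerUrl = url;
        save();
        return ok ? FormValidation.ok("Connected") : FormValidation.error("Failed");
    }
    // HARDENED: require Overall/Administer, accept POST only (CSRF), validate
    // the URL shape, and leave persisted configuration untouched.
    @POST
    public FormValidation doTestConnection(@QueryParameter String url) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        if (url == null || !(url.startsWith("tcp://") || url.startsWith("unix://"))) {
            return FormValidation.error("Docker URL must start with tcp:// or unix://");
        }
        return tryConnect(url) ? FormValidation.ok("Connected")
                               : FormValidation.error("Could not connect to " + url);
    }
    // Opens and immediately closes a connection; 3-second timeout for TCP.
    private static boolean tryConnect(String url) {
        try {
            if (url.startsWith("tcp://")) {
                URI u = URI.create(url);
                try (Socket s = new Socket()) {
                    s.connect(new InetSocketAddress(u.getHost(), u.getPort()), 3000);
                    return true;
                }
            }
            try (SocketChannel ch = SocketChannel.open(StandardProtocolFamily.UNIX)) {
                return ch.connect(UnixDomainSocketAddress.of(url.substring(7)));
            }
        } catch (IOException | IllegalArgumentException e) {
            return false;
        }
    }
}
```

Reviewing a plugin for this class of bug means checking every `do*` form-validation method that contacts a network or writes state for the same three properties: a permission check, a POST-only annotation, and no side effects on saved configuration.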

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: org.jenkins-ci.plugins:docker-build-step (Maven)
Affected versions: <= 2.11
Patched versions: none

Affected products: 2

Patches: 0 (no patches discovered yet)

References: 4

News mentions: 1