{"id":"CVE-2017-1000094","details":"Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability.","aliases":["GHSA-69cj-g7mw-mh72"],"modified":"2026-03-14T09:23:37.396941Z","published":"2017-10-05T01:29:03.853Z","references":[{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2017-07-10/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/docker-commons-plugin","events":[{"introduced":"0"},{"last_affected":"cb9c560cf9766aa74209f10f238761dfc98eafdb"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.9"}]}}],"versions":["docker-commons-1.0","docker-commons-1.0-alpha-1","docker-commons-1.0-alpha-10","docker-commons-1.0-alpha-11","docker-commons-1.0-alpha-12","docker-commons-1.0-alpha-13","docker-commons-1.0-alpha-14","docker-commons-1.0-alpha-2","docker-commons-1.0-alpha-3","docker-commons-1.0-alpha-4","docker-commons-1.0-alpha-5","docker-commons-1.0-alpha-6","docker-commons-1.0-alpha-7","docker-commons-1.0-alpha-8","docker-commons-1.0-alpha-9","docker-commons-1.0-beta-1","docker-commons-1.1","docker-commons-1.2","docker-commons-1.3","docker-commons-1.3.1","docker-commons-1.4.0","docker-commons-1.4.1","docker-commons-1.5","docker-commons-1.6","docker-commons-1.7","docker-commons-1.8","docker-commons-1.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000094.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}