{"id":"CVE-2024-2215","details":"A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions.","aliases":["GHSA-64c5-r2h5-c2fg"],"modified":"2026-01-09T19:14:01.318434Z","published":"2024-03-06T17:15:11.593Z","references":[{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2024/03/06/3"},{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3200"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/docker-build-step-plugin","events":[{"introduced":"0"},{"last_affected":"a85688283c85672361ea34b875fb7870e5591f45"}]}],"versions":["docker-build-step-1.0","docker-build-step-1.1","docker-build-step-1.10","docker-build-step-1.11","docker-build-step-1.12","docker-build-step-1.13","docker-build-step-1.14","docker-build-step-1.15","docker-build-step-1.16","docker-build-step-1.17","docker-build-step-1.18","docker-build-step-1.19","docker-build-step-1.2","docker-build-step-1.2-redo","docker-build-step-1.2-redoII","docker-build-step-1.20","docker-build-step-1.21","docker-build-step-1.22","docker-build-step-1.23","docker-build-step-1.24","docker-build-step-1.25","docker-build-step-1.26","docker-build-step-1.27","docker-build-step-1.28","docker-build-step-1.29","docker-build-step-1.3","docker-build-step-1.30","docker-build-step-1.31","docker-build-step-1.32","docker-build-step-1.33","docker-build-step-1.34","docker-build-step-1.35","docker-build-step-1.36","docker-build-step-1.37","docker-build-step-1.38","docker-build-step-1.39","docker-build-step-1.4","docker-build-step-1.40","docker-build-step-1.41","docker-build-step-1.42","docker-build-step-1.43","docker-build-step-1.5","docker-build-step-1.6","docker-build-step-1.7","docker-build-step-1.8","docker-build-step-1.9","docker-build-step-2.0","docker-build-step-2.1","docker-build-step-2.10","docker-build-step-2.11","docker-build-step-2.2","docker-build-step-2.3","docker-build-step-2.4","docker-build-step-2.5","docker-build-step-2.6","docker-build-step-2.7","docker-build-step-2.8","docker-build-step-2.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-2215.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L"}]}