A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions.

Affected Packages

Maven org.jenkins-ci.plugins:docker-build-step

Affected versions: 0 (last affected: 2.11)

Related CVEs

CVE-2024-2215

Key Information

GHSA ID

GHSA-64c5-r2h5-c2fg

Published

March 6, 2024 6:30 PM

Last Modified

October 28, 2024 1:17 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:docker-build-step

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 24, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.