GHSA-8h2m-54wh-gwj3
GitHub Security Advisory
Jenkins docker-build-step Plugin missing permission check
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions.
Affected Packages
Maven
org.jenkins-ci.plugins:docker-build-step
Affected versions: 0 (last affected: 2.11)
Related CVEs
Key Information
5.0/10
Dataset
Last updated: July 6, 2025 6:30 AM
Data from GitHub Advisory Database.