A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions.
{ "nvd_published_at": "2024-03-06T17:15:11Z", "cwe_ids": [ "CWE-862" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-03-06T20:17:20Z" }