CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20617 – jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution
https://notcve.org/view.php?id=CVE-2022-20617
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository. Jenkins Docker Commons Plugin versiones 1.17 y anteriores, no sanea el nombre de una imagen o una etiqueta, resultando en una vulnerabilidad de ejecución de comandos del Sistema Operativo explotable por atacantes con permiso Item/Configure o capaces de controlar el contenido del repositorio SCM de un trabajo previamente configurado An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to execute OS commands. • http://www.openwall.com/lists/oss-security/2022/01/12/6 https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1878 https://access.redhat.com/security/cve/CVE-2022-20617 https://bugzilla.redhat.com/show_bug.cgi?id=2044502 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000094
https://notcve.org/view.php?id=CVE-2017-1000094
Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability. El plugin Docker Commons proporciona una lista de ID de credenciales aplicables para permitir a los usuarios configurar una tarea para que escojan la que les apetezca utilizar para autenticarse con un registro Docker. Esta funcionalidad no chequea permisos, lo que permite que cualquier usuario con permiso Overall/Read obtenga una lista de ID de credenciales válidos. • https://jenkins.io/security/advisory/2017-07-10 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •