
9262 matches found

NVD
added 2022/01/12 8:15 p.m. · 18 views

CVE-2022-20617

Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...

8.8 CVSS · 0.02277 EPSS
Exploits 0 · References 2
ATTACKERKB
added 2022/01/12 8:15 p.m. · 5 views

CVE-2022-20617

Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...

8.8 CVSS · 7.4 AI score · 0.02277 EPSS
Exploits 0 · References 3
Prion
added 2022/01/12 8:15 p.m. · 10 views

Information disclosure

Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information access token or password on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would...

2.1 CVSS · 5.2 AI score · 0.00412 EPSS
Exploits 0 · References 1 · Affected Software 1
Prion
added 2022/01/12 8:15 p.m. · 20 views

Command injection

Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...

6.5 CVSS · 8.4 AI score · 0.02277 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/01/12 7:29 p.m. · 16 views

CVE-2021-45449

Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information access token or password on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would...

5.5 AI score · 0.00412 EPSS
Exploits 0 · References 1
CVE
added 2022/01/12 7:29 p.m. · 55 views

CVE-2021-45449

CVE-2021-45449 affects Docker Desktop versions 4.3.0 and 4.3.1. A bug may log sensitive information (access tokens or passwords) on a user’s machine during login. Exploitation requires local access to the user’s files. The description notes that only users who have logged in on 4.3.0/4.3.1 are af...

5.5 CVSS · 5.2 AI score · 0.00412 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2022/01/12 7:5 p.m. · 194 views

CVE-2022-20617

CVE-2022-20617 affects the Jenkins Docker Commons Plugin (1.17 and earlier); OS command execution arises from unsanitized image/tag names. Exploitation requires Item/Configure permission or control over a job’s SCM content. The provided documents indicate this vulnerability is addressed in relate...

8.8 CVSS · 8.5 AI score · 0.02277 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/01/12 7:5 p.m. · 25 views

CVE-2022-20617

Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...

8.8 AI score · 0.02277 EPSS
Exploits 0 · References 2
Kitploit
added 2022/01/12 11:30 a.m. · 28 views

RAUDI - A Repo To Automatically Generate And Keep Updated A Series Of Docker Images Through GitHub Actions

RAUDI (Regularly and Automatically Updated Docker Images) automatically generates and keeps updated a series of Docker Images through GitHub Actions for tools that are not provided by the developers. What is RAUDI: RAUDI is what will save you from creating and managing a lot of Docker Images manually...

7.3 AI score
Exploits 0 · References 28
CNNVD
added 2022/01/12 12:0 a.m. · 4 views

Docker log information disclosure vulnerability

Docker is an open source application container engine from the U.S. company Docker. The product supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment and upgrade of applications through...

5.5 CVSS · 5.7 AI score · 0.00412 EPSS
Exploits 0 · References 3
CNNVD
added 2022/01/12 12:0 a.m. · 6 views

Jenkins plugin OS command injection vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. Jenkins Docker Commons...

8.8 CVSS · 8.1 AI score · 0.02277 EPSS
Exploits 0 · References 21
Positive Technologies
added 2022/01/12 12:0 a.m. · 2 views

PT-2022-1412 · Jenkins · Jenkins Docker Commons Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Docker Commons Plugin versions 1.17 and earlier. Description: The issue is related to the Jenkins Docker Commons Plugin not sanitizing the name of an image or a tag, resulting in an OS command execution vulnerability. This can be...

9 CVSS · 8.7 AI score · 0.02277 EPSS
Exploits 0 · References 14
Hacker One
added 2022/01/06 12:29 a.m. · 31 views

GitLab: Container escape on public GitLab CI runners

Summary: It is possible to circumvent the isolation in place for build jobs running on public CI runners by escaping the docker container running the build job. This is possible via abuse of the cgroup release_agent functionality, made possible by CI jobs being allowed to mount filesystems inside t...

7.7 AI score
Exploits 0
IBM Security Bulletins
added 2022/01/04 5:37 p.m. · 188 views

Security Bulletin: IBM Security Access Manager has fixed a vulnerability in the log4j library shipped with the product. (CVE-2021-4104)

Summary: The IBM Security Access Manager version 9.0 ships with a version of log4j that is vulnerable to CVE-2021-4104. The log4j library is no longer used by the IBM Security Access Manager product and a Fixpack has been provided to remove the unused library. Vulnerability Details: CVEID:...

7.5 CVSS · 2.2 AI score · 0.81147 EPSS
Exploits 9 · Affected Software 1
GithubExploit
added 2021/12/30 7:10 p.m. · 802 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

LOG4J Vulnerability A Java-based project presenting how to ex...

10 CVSS · 8.8 AI score · 0.99999 EPSS
Exploits 347
ThreatPost
added 2021/12/29 2:26 p.m. · 21 views

Cryptomining Attack Exploits Docker API Misconfiguration Since 2019

Hackers behind a cryptomining campaign have managed to avoid detection since 2019. The attacks exploited misconfigured Docker APIs that allowed them to gain network entry and ultimately set up a backdoor on compromised hosts to mine cryptocurrency, researchers said. The attack technique is...

7.9 AI score
Exploits 0 · References 6
Gitee
added 2021/12/27 4:5 p.m. · 4 views

vulhub

This repository is an offensive tool for vulnerability research and exploitation, specifically targeting various web applications and services. It contains a collection of exploits and tools for identifying and exploiting vulnerabilities in software and systems. The repository includes a variety ...

8.2 AI score
Exploits 0
GithubExploit
added 2021/12/24 7:26 p.m. · 212 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4Shell POC CVE-2021-44228 The scope of this repository i...

10 CVSS · 9.3 AI score · 0.99999 EPSS
Exploits 347
GithubExploit
added 2021/12/24 7:26 p.m. · 422 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4Shell POC CVE-2021-44228 The scope of this repository i...

10 CVSS · 9.3 AI score · 0.99999 EPSS
Exploits 347
GithubExploit
added 2021/12/24 7:26 p.m. · 694 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4Shell POC CVE-2021-44228 The scope of this repository i...

10 CVSS · 9.3 AI score · 0.99999 EPSS
Exploits 347