9262 matches found
CVE-2022-20617
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...
Information disclosure
Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would...
Command injection
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...
CVE-2021-45449
Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would...
CVE-2021-45449
CVE-2021-45449 affects Docker Desktop versions 4.3.0 and 4.3.1. A bug may log sensitive information (access tokens or passwords) on a user’s machine during login. Exploitation requires local access to the user’s files. The description notes that only users who have logged in on 4.3.0/4.3.1 are af...
CVE-2022-20617
CVE-2022-20617 affects the Jenkins Docker Commons Plugin (1.17 and earlier); OS command execution arises from unsanitized image/tag names. Exploitation requires Item/Configure permission or control over a job’s SCM content. The provided documents indicate this vulnerability is addressed in relate...
RAUDI - A Repo To Automatically Generate And Keep Updated A Series Of Docker Images Through GitHub Actions
RAUDI (Regularly and Automatically Updated Docker Images) automatically generates and keeps updated a series of Docker Images through GitHub Actions for tools that are not provided by the developers. What is RAUDI? RAUDI is what will save you from creating and managing a lot of Docker Images manually...
Docker Log Information Disclosure Vulnerability
Docker is an open source application container engine from the U.S. company Docker. The product supports creating a container (a lightweight virtual machine) and deploying and running applications on Linux systems, as well as automating the installation, deployment and upgrade of applications through...
Jenkins Plugin OS Command Injection Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server. Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. Jenkins Docker Commons...
PT-2022-1412 · Jenkins · Jenkins Docker Commons Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Docker Commons Plugin versions 1.17 and earlier Description: The issue is related to the Jenkins Docker Commons Plugin not sanitizing the name of an image or a tag, resulting in an OS command execution vulnerability. This can be...
GitLab: Container escape on public GitLab CI runners
Summary: It is possible to circumvent the isolation in place for build jobs running on public CI runners by escaping the docker container running the build job. This is possible via abuse of the cgroup release_agent functionality, made possible by CI jobs being allowed to mount filesystems inside t...
Security Bulletin: IBM Security Access Manager has fixed a vulnerability in the log4j library shipped with the product. (CVE-2021-4104)
Summary: The IBM Security Access Manager version 9.0 ships with a version of log4j that is vulnerable to CVE-2021-4104. The log4j library is no longer used by the IBM Security Access Manager product and a Fixpack has been provided to remove the unused library. Vulnerability Details: CVEID:...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
LOG4J Vulnerability A Java-based project presenting how to ex...
Cryptomining Attack Exploits Docker API Misconfiguration Since 2019
Hackers behind a cryptomining campaign have managed to avoid detection since 2019. The attacks exploited misconfigured Docker APIs that allowed them to gain network entry and ultimately set up a backdoor on compromised hosts to mine cryptocurrency, researchers said. The attack technique is...
vulhub
This repository is an offensive tool for vulnerability research and exploitation, specifically targeting various web applications and services. It contains a collection of exploits and tools for identifying and exploiting vulnerabilities in software and systems. The repository includes a variety ...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4Shell POC CVE-2021-44228 The scope of this repository i...