31 matches found

Tenable Nessus
added 2026/05/06 12:0 a.m., 4 views

RHCOS 4 : OpenShift Container Platform 4.6.55 (RHSA-2022:0565)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0565 advisory. - jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF CVE-2022-20612 -...

CVSS 8.8, AI score 6, EPSS 0.00744
Exploits 0, References 6

Tenable Nessus
added 2026/05/06 12:0 a.m., 5 views

RHCOS 4 : OpenShift Container Platform 4.7.43 (RHSA-2022:0491)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0491 advisory. - jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF CVE-2022-20612 -...

CVSS 8.8, AI score 6, EPSS 0.00744
Exploits 0, References 6

Tenable Nessus
added 2026/05/06 12:0 a.m., 7 views

RHCOS 4 : OpenShift Container Platform 4.9.19 (RHSA-2022:0339)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0339 advisory. - jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF CVE-2022-20612 -...

CVSS 8.8, AI score 6, EPSS 0.00744
Exploits 0, References 6

Tenable Nessus
added 2026/05/06 12:0 a.m., 4 views

RHCOS 4 : OpenShift Container Platform 4.8.31 (RHSA-2022:0483)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0483 advisory. - jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF CVE-2022-20612 -...

CVSS 8.8, AI score 6, EPSS 0.00744
Exploits 0, References 6

Tenable Nessus
added 2026/05/06 12:0 a.m., 4 views

RHCOS 3 : OpenShift Container Platform 3.11.634 (RHSA-2022:0555)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0555 advisory. - jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF CVE-2022-20612 -...

CVSS 8.8, AI score 6, EPSS 0.00744
Exploits 0, References 8

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-2761

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.0005
Exploits 0, References 5

vulnersOsv
added 2022/05/17 12:33 a.m., 2 views

com.aliyun.www:aliyun-container-service-deploy (>=0.1.0 <=0.1.1), com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9) +50 more potentially affected by CVE-2017-1000094 via org.jenkins-ci.plugins:docker-commons (>=1.0 <=1.6)

org.jenkins-ci.plugins:docker-commons MAVEN version =1.0, =0.1.0, =1.9.2-beta, =1.0, =1.2, =1.0-beta-2, =0.1.0, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.2.0-beta-1 and more Source cves: CVE-2017-1000094 Source advisory: OSV:GHSA-69CJ-G7MW-MH72...

CVSS 6.5, AI score 6.6, EPSS 0.0005
Exploits 0

Github Security Blog
added 2022/05/17 12:33 a.m., 16 views

Jenkins Docker Commons Plugin allows any user with Overall/Read permission to get list of valid credentials IDs

Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid...

CVSS 6.5, AI score 3.1, EPSS 0.0005
Exploits 0, References 4, Affected Software 1

RedHat Linux
added 2022/02/25 1:4 a.m., 3 views

jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution

An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...

CVSS 8.8, AI score 5.9, EPSS 0.00744
Exploits 0, References 5

Tenable Nessus
added 2022/02/25 12:0 a.m., 45 views

RHEL 8 : OpenShift Container Platform 4.6.55 (RHSA-2022:0565)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0565 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

CVSS 8.8, AI score 6.9, EPSS 0.00744
Exploits 0, References 6

RedHat Linux
added 2022/02/24 3:15 p.m., 2 views

jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution

An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...

CVSS 8.8, AI score 5.9, EPSS 0.00744
Exploits 0, References 5

Tenable Nessus
added 2022/02/24 12:0 a.m., 38 views

RHEL 7 : OpenShift Container Platform 3.11.634 (RHSA-2022:0555)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0555 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

CVSS 8.8, AI score 6.9, EPSS 0.00744
Exploits 0, References 8

RedHat Linux
added 2022/02/16 11:19 a.m., 1 views

jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution

An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...

CVSS 8.8, AI score 5.9, EPSS 0.00744
Exploits 0, References 5

RedHat Linux
added 2022/02/16 6:50 a.m., 2 views

jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution

An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...

CVSS 8.8, AI score 5.9, EPSS 0.00744
Exploits 0, References 5

Tenable Nessus
added 2022/02/16 12:0 a.m., 26 views

RHEL 8 : OpenShift Container Platform 4.7.43 (RHSA-2022:0491)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0491 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

CVSS 8.8, AI score 6.9, EPSS 0.00744
Exploits 0, References 6

Tenable Nessus
added 2022/02/16 12:0 a.m., 28 views

RHEL 8 : OpenShift Container Platform 4.8.31 (RHSA-2022:0483)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0483 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

CVSS 8.8, AI score 6.9, EPSS 0.00744
Exploits 0, References 6

Tenable Nessus
added 2022/02/15 12:0 a.m., 82 views

Jenkins Enterprise and Operations Center < 2.277.43.0.5 / 2.319.2.5 Multiple Vulnerabilities (CloudBees Security Advisory 2022-01-12)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.5, or 2.x prior to 2.319.2.5. It is, therefore, affected by multiple vulnerabilities, including the following: - Jenkins Docker Commons Plugin 1.17 and earlier does not...

CVSS 9, AI score 6.4, EPSS 0.09789
Exploits 0, References 25

RedHat Linux
added 2022/02/10 6:11 a.m., 2 views

jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution

An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...

CVSS 8.8, AI score 5.9, EPSS 0.00744
Exploits 0, References 5

BDU FSTEC
added 2022/02/01 12:0 a.m., 1 views

The vulnerability of the Jenkins Docker Commons Plugin relates to the failure to take measures to neutralize special elements used in the operating system command line, allowing attackers to execute arbitrary commands.

The vulnerability of the Jenkins Docker Commons Plugin is related to the lack of measures taken to neutralize special elements used in the operating system command line. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

CVSS 9, AI score 7.9, EPSS 0.00744
Exploits 0, References 5, Affected Software 2

RedhatCVE
added 2022/01/24 6:5 p.m., 39 views

CVE-2022-20617

An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...

CVSS 8.8, AI score 1.9, EPSS 0.00744
Exploits 0, References 4