18 matches found
EUVD-2022-2761
Malicious code in bioql PyPI...
Jenkins Docker Commons Plugin allows any user with Overall/Read permission to get list of valid credentials IDs
Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid...
jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution
An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...
jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution
An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...
jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution
An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...
jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution
An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...
Jenkins Enterprise and Operations Center < 2.277.43.0.5 / 2.319.2.5 Multiple Vulnerabilities (CloudBees Security Advisory 2022-01-12)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.5, or 2.x prior to 2.319.2.5. It is, therefore, affected by a multiple vulnerabilities, including the following: - Jenkins Docker Commons Plugin 1.17 and earlier does not...
jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution
An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...
GHSA-JPXJ-VGQ5-PRJC OS command execution vulnerability in Jenkins Docker Commons Plugin
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...
OS command execution vulnerability in Jenkins Docker Commons Plugin
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...
CVE-2022-20617
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...
CVE-2022-20617
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...
CVE-2022-20617
CVE-2022-20617 affects the Jenkins Docker Commons Plugin (1.17 and earlier); OS command execution arises from unsanitized image/tag names. Exploitation requires Item/Configure permission or control over a job’s SCM content. The provided documents indicate this vulnerability is addressed in relate...
Jenkins 插件 操作系统命令注入漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Docker Commons...
CVE-2017-1000094
Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid...
CVE-2017-1000094
Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid...
Design/Logic Flaw
Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid...
CVE-2017-1000094
Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid...