logo

Database

OS Command Injection In org.jenkins-ci.plugins:docker-commons

Description

OS command execution vulnerability in Jenkins Docker Commons Plugin Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2022-206172. NVD-2022-206173. OSV-2022-206174. GCVE-2022-20617

References

1. https://github.com/jenkinsci/docker-commons-plugin/commit/c069b79c31c5aa80a01b0c462f0dc6b41751f0592. https://plugins.jenkins.io/docker-commons3. https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-18784. http://www.openwall.com/lists/oss-security/2022/01/12/65. https://github.com/shoucheng3/jenkinsci__docker-commons-plugin_CVE-2022-20617_1-17

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.