Vulnerability Data

CVE-2022-20617

Track security vulnerabilities

Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository.

Published at
2022-01-12
4 days ago
Modified
2022-01-12
4 days ago
2022
Year
The year of the turtle

https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1878

CONFIRM:https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1878

Read More about itMore info

http://www.openwall.com/lists/oss-security/2022/01/12/6

MLIST:[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins

Read More about itMore info

Vulnerability RAW

{
	"Title": {
		"_text": "CVE-2022-20617"
	},
	"Notes": {
		"Note": [
			{
				"_text": "Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository."
			},
			{
				"_text": "2022-01-12"
			},
			{
				"_text": "2022-01-12"
			}
		]
	},
	"CVE": {
		"_text": "CVE-2022-20617"
	},
	"References": {
		"Reference": [
			{
				"URL": {
					"_text": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1878"
				},
				"Description": {
					"_text": "CONFIRM:https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1878"
				}
			},
			{
				"URL": {
					"_text": "http://www.openwall.com/lists/oss-security/2022/01/12/6"
				},
				"Description": {
					"_text": "MLIST:[oss-security] 20220112 Multiple vulnerabilities in Jenkins and Jenkins plugins"
				}
			}
		]
	}
}