CVE-2022-20617

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in maven/org.jenkins-ci.plugins/docker-commons

Identifiers

CVE-2022-20617

Package Slug

maven/org.jenkins-ci.plugins/docker-commons

Vulnerability

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Description

Jenkins Docker Commons Plugin does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository.

Affected Versions

All versions up to 1.17

Solution

Upgrade to version 1.18 or above.

Last Modified

2022-01-19

source