CVE-2022-20617
maven/org.jenkins-ci.plugins/docker-commons
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Jenkins Docker Commons Plugin does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure
permission or able to control the contents of a previously configured job's SCM repository.
All versions up to 1.17
Unfortunately, there is no solution available yet.
2022-01-19
source |