← Back

Docker Commons

docker_commons

Vendor: Jenkins • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-20617
1Jenkins
1Docker Commons
Nov 21, 2024
Jan 12, 2022
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to contro...Show more
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository.Show less
CVE-2017-1000094
1Jenkins
1Docker Commons
May 13, 2026
Oct 5, 2017
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permission...Show more
Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability.Show less