Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository.
{ "nvd_published_at": "2022-01-12T20:15:00Z", "cwe_ids": [ "CWE-78" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-04-29T04:27:21Z" }