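Related vulnerability
Title:
Jenkins plugin OS command injection vulnerability
(CVE-2022-20617)
Description: Jenkins and Jenkins plugins are both products of the open-source Jenkins project. Jenkins is an application: an open-source automation server that provides hundreds of plugins to support building, deploying and automating any project. A Jenkins plugin is an application. Jenkins Docker Commons Plugin has an OS command injection vulnerability. It arises because Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability that can be exploited by attackers who have Item/Configure permission or who are able to control a previously configured job's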
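An added example, not code from the plugin or from its fix: one way to check an image name and tag against a simplified form of Docker's reference grammar before they reach a command line, and then hand them over as a single argv element. The class name, method names and sample inputs are assumptions constructed for illustration.

```java
import java.util.List;
import java.util.regex.Pattern;

// Added illustration; not the plugin's code. Names here are hypothetical.
public class DockerImageRef {
    // One path component: lowercase alphanumerics joined by '.', '_', '__' or dashes.
    private static final String COMPONENT = "[a-z0-9]+(?:(?:[._]|__|-+)[a-z0-9]+)*";
    // Simplified name grammar (assumption): optional port on the first component,
    // then '/'-separated components. Digests and uppercase hosts are not handled.
    private static final Pattern NAME =
        Pattern.compile(COMPONENT + "(?::[0-9]{1,5})?(?:/" + COMPONENT + ")*");
    private static final Pattern TAG = Pattern.compile("[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}");

    // Returns "name:tag" or throws; nothing outside the allow-list gets through.
    static String validated(String name, String tag) {
        if (name == null || name.length() > 255 || !NAME.matcher(name).matches()) {
            throw new IllegalArgumentException("invalid image name");
        }
        if (tag == null || !TAG.matcher(tag).matches()) {
            throw new IllegalArgumentException("invalid image tag");
        }
        return name + ":" + tag;
    }

    // The reference is one argv element; no shell ever parses it.
    static List<String> pullCommand(String name, String tag) {
        return List.of("docker", "pull", validated(name, tag));
    }

    public static void main(String[] args) {
        // Constructed sample inputs: two well-formed, three that must be rejected.
        String[][] samples = {
            {"library/ubuntu", "22.04"},
            {"registry.example.com:5000/team/app", "v1.2.3"},
            {"ubuntu;echo x", "latest"},   // shell metacharacter in the name
            {"ubuntu", "latest$(echo x)"}, // command substitution in the tag
            {"--help", "latest"},          // would be read as an option
        };
        for (String[] s : samples) {
            try {
                System.out.println("ok       " + pullCommand(s[0], s[1]));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected " + s[0] + ":" + s[1] + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The list returned by `pullCommand` is meant for `new ProcessBuilder(...)`, which starts the program directly rather than through a shell.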
Introduction
# Docker Commons API Plugin for Jenkins
API plugin, which provides the common shared functionality for various Docker-related plugins.
## Summary
* API for managing Docker image and container fingerprints
* Credentials and location of Docker Registry
* Credentials and location of Docker Daemon (aka Docker Remote API)
* <code>ToolInstallation</code> for Docker CLI clients
* <code>DockerImageExtractor</code> extension point to get Docker image relations from jobs
* Simple UI referring related image fingerprints in Docker builds
* etc.
## Use-cases
### Credentials and locations
This allows users to configure one set of endpoint/credentials and use it across all the Docker-related plugins,
thereby keeping configuration more [DRY](http://en.wikipedia.org/wiki/Don%27t_repeat_yourself).
See [Docker Pipeline Plugin](https://plugins.jenkins.io/docker-workflow) for the typical usage.
## Declarative pipeline example
An example of how to bind Docker host/daemon credentials in a declarative pipeline:
```groovy
pipeline {
  agent any
  tools {
    // a bit ugly because there is no `@Symbol` annotation for the DockerTool
    // see the discussion about this in PR 77 and PR 52:
    // https://github.com/jenkinsci/docker-commons-plugin/pull/77#discussion_r280910822
    // https://github.com/jenkinsci/docker-commons-plugin/pull/52
    'org.jenkinsci.plugins.docker.commons.tools.DockerTool' '18.09'
  }
  environment {
    DOCKER_CERT_PATH = credentials('id-for-a-docker-cred')
  }
  stages {
    stage('foo') {
      steps {
        sh "docker version" // DOCKER_CERT_PATH is automatically picked up by the Docker client
      }
    }
  }
}
```
## License
[MIT License](http://opensource.org/licenses/MIT)
## Changelog
* See [GitHub Releases](https://github.com/jenkinsci/docker-commons-plugin/releases/latest) for the recent versions
* See [the release notes archive](./CHANGELOG.md) for version `1.15` and older
File snapshot
[4.0K] /data/pocs/6a434fa51b079a2ab35c431ae7ff85ba55ad2126
├── [5.2K] CHANGELOG.md
├── [4.0K] docs
│ └── [4.0K] images
│ ├── [ 253] add.svg
│ ├── [ 366] error.svg
│ └── [ 289] information.svg
├── [ 14] Jenkinsfile
├── [1.1K] LICENSE.txt
├── [6.1K] pom.xml
├── [2.5K] README.md
└── [4.0K] src
├── [4.0K] main
│ ├── [4.0K] java
│ │ └── [4.0K] org
│ │ └── [4.0K] jenkinsci
│ │ └── [4.0K] plugins
│ │ └── [4.0K] docker
│ │ └── [4.0K] commons
│ │ ├── [4.0K] credentials
│ │ │ ├── [ 16K] DockerRegistryEndpoint.java
│ │ │ ├── [7.7K] DockerRegistryToken.java
│ │ │ ├── [1.8K] DockerServerCredentialsBinding.java
│ │ │ ├── [2.4K] DockerServerCredentialsHandler.java
│ │ │ ├── [4.4K] DockerServerCredentials.java
│ │ │ ├── [1.6K] DockerServerDomainRequirement.java
│ │ │ ├── [2.7K] DockerServerDomainSpecification.java
│ │ │ ├── [9.5K] DockerServerEndpoint.java
│ │ │ ├── [2.0K] KeyMaterialContext.java
│ │ │ ├── [4.6K] KeyMaterialFactory.java
│ │ │ └── [3.1K] KeyMaterial.java
│ │ ├── [2.2K] DockerCommonsPlugin.java
│ │ ├── [2.9K] DockerImageExtractor.java
│ │ ├── [4.0K] fingerprint
│ │ │ ├── [4.1K] ContainerRecord.java
│ │ │ ├── [2.7K] DockerAncestorFingerprintFacet.java
│ │ │ ├── [2.3K] DockerDescendantFingerprintFacet.java
│ │ │ ├── [4.8K] DockerFingerprintAction.java
│ │ │ ├── [1.8K] DockerFingerprintFacet.java
│ │ │ ├── [ 13K] DockerFingerprints.java
│ │ │ ├── [2.2K] DockerRunFingerprintFacet.java
│ │ │ └── [3.1K] DockerRunPtrFingerprintFacet.java
│ │ ├── [4.0K] impl
│ │ │ ├── [5.2K] CompositeKeyMaterialFactory.java
│ │ │ ├── [2.1K] NullKeyMaterialFactory.java
│ │ │ ├── [5.4K] RegistryKeyMaterialFactory.java
│ │ │ ├── [2.6K] ServerHostKeyMaterialFactory.java
│ │ │ ├── [2.2K] ServerKeyMaterialFactoryFromDockerCredentials.java
│ │ │ ├── [4.9K] ServerKeyMaterialFactory.java
│ │ │ └── [2.4K] UsernamePasswordDockerRegistryTokenSource.java
│ │ └── [4.0K] tools
│ │ ├── [8.1K] DockerToolInstaller.java
│ │ └── [5.7K] DockerTool.java
│ ├── [4.0K] resources
│ │ ├── [1.2K] index.jelly
│ │ ├── [4.0K] lib
│ │ │ └── [4.0K] docker
│ │ │ └── [4.0K] commons
│ │ │ ├── [2.3K] selectDockerTool.jelly
│ │ │ └── [ 1] taglib
│ │ └── [4.0K] org
│ │ └── [4.0K] jenkinsci
│ │ └── [4.0K] plugins
│ │ └── [4.0K] docker
│ │ └── [4.0K] commons
│ │ ├── [4.0K] credentials
│ │ │ ├── [4.0K] DockerRegistryEndpoint
│ │ │ │ ├── [1.4K] config.jelly
│ │ │ │ └── [ 176] help-url.html
│ │ │ ├── [4.0K] DockerServerCredentials
│ │ │ │ └── [1.7K] credentials.jelly
│ │ │ ├── [4.0K] DockerServerCredentialsBinding
│ │ │ │ ├── [1.3K] config-variables.jelly
│ │ │ │ └── [ 339] help-variable.html
│ │ │ ├── [4.0K] DockerServerDomainSpecification
│ │ │ │ └── [ 155] help.jelly
│ │ │ └── [4.0K] DockerServerEndpoint
│ │ │ ├── [1.4K] config.jelly
│ │ │ └── [ 244] help-uri.html
│ │ ├── [4.0K] fingerprint
│ │ │ └── [4.0K] DockerFingerprintAction
│ │ │ ├── [3.3K] index.jelly
│ │ │ └── [ 33] index.properties
│ │ ├── [ 195] Messages.properties
│ │ └── [4.0K] tools
│ │ ├── [4.0K] DockerTool
│ │ │ ├── [1.4K] config.jelly
│ │ │ └── [ 136] help-home.html
│ │ ├── [4.0K] DockerToolInstaller
│ │ │ ├── [1.3K] config.jelly
│ │ │ └── [ 347] help-version.html
│ │ └── [1.2K] Messages.properties
│ └── [4.0K] webapp
│ └── [4.0K] images
│ ├── [4.0K] 16x16
│ │ └── [ 785] docker.png
│ ├── [4.0K] 24x24
│ │ └── [1.3K] docker.png
│ ├── [4.0K] 32x32
│ │ └── [1.7K] docker.png
│ └── [4.0K] 48x48
│ └── [2.7K] docker.png
└── [4.0K] test
├── [4.0K] java
│ └── [4.0K] org
│ └── [4.0K] jenkinsci
│ └── [4.0K] plugins
│ └── [4.0K] docker
│ └── [4.0K] commons
│ ├── [4.5K] CasCTest.java
│ ├── [3.5K] ConfigTest.java
│ ├── [4.0K] credentials
│ │ ├── [6.9K] DockerRegistryEndpointTest.java
│ │ ├── [6.4K] DockerServerCredentialsBindingTest.java
│ │ ├── [4.8K] DockerServerCredentialsHandlerTest.java
│ │ ├── [6.4K] DockerServerCredentialsTest.java
│ │ ├── [2.8K] DockerServerDomainSpecificationTest.java
│ │ └── [4.4K] DockerServerEndpointTest.java
│ ├── [4.0K] fingerprint
│ │ ├── [1.8K] DockerFingerprintsTest.java
│ │ └── [3.0K] DockerRunFingerprintFacetTest.java
│ ├── [4.0K] impl
│ │ └── [8.2K] RegistryKeyMaterialFactoryTest.java
│ ├── [4.0K] tools
│ │ ├── [6.9K] DockerToolInstallerTest.java
│ │ └── [2.6K] DockerToolTest.java
│ └── [4.0K] util
│ └── [3.9K] SampleDockerBuilder.java
└── [4.0K] resources
└── [4.0K] org
└── [4.0K] jenkinsci
└── [4.0K] plugins
└── [4.0K] docker
└── [4.0K] commons
├── [ 612] casc_bare.yaml
├── [ 618] casc_symbols.yaml
├── [4.0K] credentials
│ ├── [4.0K] DockerServerCredentialsBindingTest
│ │ ├── [ 487] basics-Jenkinsfile
│ │ ├── [ 387] basics-step1.bat
│ │ ├── [ 833] basics-step1.sh
│ │ ├── [ 171] basics-step2.bat
│ │ └── [ 322] basics-step2.sh
│ └── [4.0K] DockerServerCredentialsHandlerTest
│ ├── [ 493] basics-Jenkinsfile
│ ├── [ 387] basics-step1.bat
│ └── [ 833] basics-step1.sh
└── [4.0K] util
└── [4.0K] SampleDockerBuilder
└── [1.3K] config.jelly
63 directories, 86 files