Jenkins · Jenkins Docker Commons Plugin · CVE-2022-20617
**Name of the Vulnerable Software and Affected Versions**
Jenkins Docker Commons Plugin versions 1.17 and earlier
**Description**
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag before using it, resulting in an OS command execution vulnerability. It is exploitable by attackers with Item/Configure permission, or by attackers able to control the contents of a previously configured job's SCM repository, allowing them to execute arbitrary commands on the Jenkins instance.
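The defensive pattern that closes this class of bug is to validate an image reference against the grammar it is supposed to follow and then hand it to the Docker CLI as a discrete argument rather than splicing it into a shell command line. The following is an added Python example written for this page; it is not the plugin's code or the project's fix. The regular expression is an assumed, simplified transcription of the Docker image reference grammar (name, optional tag, optional digest), and the `runner` parameter is an assumption so the build step can be exercised without a Docker daemon.

```python
import re
import subprocess

# Simplified transcription of the Docker image reference grammar
# (assumption: close enough for input validation; the reference
# implementation in the distribution project is the authority).
# re.ASCII keeps \w ASCII-only, as in Go's RE2, so no Unicode letters
# slip through the tag pattern.
_HOST = r"[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?"
_DOMAIN = rf"(?:{_HOST}(?:\.{_HOST})*(?::[0-9]+)?/)?"
_COMPONENT = r"[a-z0-9]+(?:(?:[._]|__|-+)[a-z0-9]+)*"
_TAG = r"(?::(\w[\w.-]{0,127}))?"
_DIGEST = r"(?:@([A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*:[0-9a-fA-F]{32,}))?"
_REFERENCE = re.compile(
    rf"({_DOMAIN}{_COMPONENT}(?:/{_COMPONENT})*){_TAG}{_DIGEST}", re.ASCII
)


def parse_image_reference(ref: str) -> dict:
    """Validate ``ref`` against the grammar and split it into its parts.

    Shell metacharacters, whitespace, newlines and a leading '-' are all
    outside the grammar, so they are rejected here instead of being
    escaped later. fullmatch() is used rather than match() with '$'
    because '$' would tolerate a trailing newline.
    """
    m = _REFERENCE.fullmatch(ref)
    if m is None:
        raise ValueError(f"invalid image reference: {ref!r}")
    name, tag, digest = m.groups()
    if len(name) > 255:  # limit from the reference grammar
        raise ValueError("repository name exceeds 255 characters")
    return {"name": name, "tag": tag, "digest": digest}


def is_valid_reference(ref: str) -> bool:
    """Boolean convenience wrapper around parse_image_reference()."""
    try:
        parse_image_reference(ref)
    except ValueError:
        return False
    return True


def unsafe_build_command(image_ref: str, context_dir: str) -> str:
    """The pattern the advisory describes: untrusted text spliced into a
    string that a shell will later parse. Returned for comparison only and
    never executed in this example."""
    return f"docker build -t {image_ref} {context_dir}"


def safe_build_argv(image_ref: str, context_dir: str) -> list:
    """Hardened form: validate first, then build an argument vector so no
    shell ever interprets the image name or tag."""
    parsed = parse_image_reference(image_ref)
    if parsed["digest"] is not None:
        raise ValueError("a build target must be name[:tag], not a digest")
    return ["docker", "build", "-t", image_ref, context_dir]


def run_build(image_ref: str, context_dir: str, runner=subprocess.run):
    """Run the build with shell=False. ``runner`` is injectable (assumption
    for this example) so the call can be checked without Docker installed."""
    argv = safe_build_argv(image_ref, context_dir)
    return runner(argv, shell=False, check=True)


if __name__ == "__main__":
    # Constructed sample inputs: one well-formed reference and one carrying
    # shell metacharacters of the kind the validator is meant to reject.
    for candidate in ["registry.example.com:5000/team/app:1.2.3", "app:v1; echo x"]:
        print(candidate, "->", "accepted" if is_valid_reference(candidate) else "rejected")
```

The two functions `unsafe_build_command` and `safe_build_argv` take the same inputs; the difference is that the hardened form fails closed on anything outside the grammar and never produces a string for a shell to re-parse, so a job configuration or an SCM-controlled file that supplies an image name can no longer turn into a command.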
**Recommendations**
For Jenkins Docker Commons Plugin versions 1.17 and earlier, update to a version later than 1.17 to resolve the issue.
As a temporary workaround until the update can be applied, restrict Item/Configure permission to trusted users and limit who can change the SCM repositories of jobs that use the plugin, which removes the access paths the vulnerability requires.