[JIRA] (JENKINS-57366) Script inject when docker.image

3 views
Skip to first unread message

liuchangcheng@huawei.com (JIRA)

unread,
May 8, 2019, 4:54:02 AM5/8/19
to jenkinsc...@googlegroups.com
Changcheng Liu created an issue
 
Jenkins / Bug JENKINS-57366
Script inject when docker.image
Issue Type: Bug Bug
Assignee: Unassigned
Attachments: image-2019-05-08-16-53-23-409.png
Components: docker-workflow-plugin
Created: 2019-05-08 08:53
Priority: Critical Critical
Reporter: Changcheng Liu

myDocker = docker.image('maven:3.5.3-jdk-1.8| echo a')
myDocker.pull()

This will invoke docker pull and echo a which allow script injection to the system 

 

 
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)
Reply all
Reply to author
Forward
0 new messages