Remote Code Execution Vulnerability in Jenkins OpenShift Pipeline Plugin
CVE-2020-2167

8.8HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins Openshift Pipeline Plugin
Vendor: CVE Published:; 25 March 2020

What is CVE-2020-2167?

The Jenkins OpenShift Pipeline Plugin, specifically versions 1.0.56 and earlier, contains a critical vulnerability due to improper configuration of its YAML parser. This oversight allows for the instantiation of arbitrary types, potentially enabling remote code execution by malicious actors. Users of affected versions are strongly advised to upgrade to ensure their systems remain secure.

Affected Version(s)

Jenkins OpenShift Pipeline Plugin <= 1.0.56

References

https://jenkins.io/security/advisory/2020-03-25/#SECURITY...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2020/03/25/2

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 25, 2020
Vulnerability Reserved
Dec 5, 2019

JSON