Description
Jenkins Azure Container Service Plugin 1.0.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/03/25/2
https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1732
Related Vulnerabilities
CVE-2023-45143 Vulnerability in npm package undici
CVE-2018-8034 Vulnerability in maven package org.apache.tomcat:tomcat-websocket
CVE-2022-36036 Vulnerability in npm package mdx-mermaid
CVE-2021-23419 Vulnerability in npm package open-graph
CVE-2019-1003062 Vulnerability in maven package org.jenkins-ci.plugins:aws-cloudwatch-logs-publisher