Description
Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/07/02/7
https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1738
Related Vulnerabilities
CVE-2023-47440 Vulnerability in npm package gladys
CVE-2017-18353 Vulnerability in npm package rendertron-middleware
CVE-2019-10907 Vulnerability in maven package org.airsonic.player:airsonic-main
CVE-2016-10547 Vulnerability in maven package org.webjars.npm:nunjucks
CVE-2018-8003 Vulnerability in maven package org.apache.ambari:ambari-server