Description
Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
Remediation
References
http://www.openwall.com/lists/oss-security/2020/07/02/7
https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1738
Related Vulnerabilities
CVE-2019-12418 Vulnerability in maven package org.apache.tomcat:tomcat-catalina-jmx-remote
CVE-2021-29484 Vulnerability in npm package ghost
CVE-2017-16881 Vulnerability in maven package org.b3log:symphony
CVE-2023-46122 Vulnerability in maven package org.scala-sbt:io_2.12
CVE-2022-24891 Vulnerability in maven package org.owasp.esapi:esapi