CVE-2020-2166
published 2020-03-25
high 8.8 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | artifactory_plugin | — | — |
| jenkins | aws_steps_plugin | — | — |
| jenkins | azure_container_service_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins | openshift_pipeline_plugin | — | — |
| jenkins | pipeline | <= 1.40 | — |
| jenkins | queue_cleanup_plugin | — | — |
| jenkins | rapiddeploy_plugin | — | — |
| jenkins | yaml_input_files_to_azure_container_service_plugin | — | — |
| jenkins | yaml_input_files_to_openshift_pipeline_plugin | — | — |
| jenkins_project | jenkins_pipeline_aws_steps_plugin | unspecified – 1.40 | — |