Remote Code Execution vulnerability in Jenkins Literate Plugin

2022-05-2417:10:30

Google

osv.dev

0.009 Low

EPSS

Percentile

83.2%

JSON

Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.

CPENameOperatorVersion
org.jenkins-ci.plugins:literateeq0.2-beta-2
org.jenkins-ci.plugins:literateeq1.0
org.jenkins-ci.plugins:literateeq0.1-beta-1
org.jenkins-ci.plugins:literateeq0.2-beta-1
org.jenkins-ci.plugins:literateeq0.2-beta-3
org.jenkins-ci.plugins:literateeq0.1-beta-2
org.jenkins-ci.plugins:literateeq0.2-beta-4
org.jenkins-ci.plugins:literateeq0.2-beta-5

Name	Operator	Version
org.jenkins-ci.plugins:literate	eq	0.2-beta-2
org.jenkins-ci.plugins:literate	eq	1.0
org.jenkins-ci.plugins:literate	eq	0.1-beta-1
org.jenkins-ci.plugins:literate	eq	0.2-beta-1
org.jenkins-ci.plugins:literate	eq	0.2-beta-3
org.jenkins-ci.plugins:literate	eq	0.1-beta-2
org.jenkins-ci.plugins:literate	eq	0.2-beta-4
org.jenkins-ci.plugins:literate	eq	0.2-beta-5