2 matches found
CVE-2020-2166
Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
CVE-2020-2166
CVE-2020-2166 affects Jenkins Pipeline: AWS Steps Plugin versions 1.40 and earlier. The root cause is that the YAML parser is not restricted, allowing instantiation of arbitrary types and enabling remote code execution. The vulnerability is described across multiple sources as RCE via YAML input ...