3 matches found
CVE-2020-2179
Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
CVE-2020-2179
Jenkins Yaml Axis Plugin (versions ≤0.2.0) is affected by a remote code execution vulnerability due to the YAML parser not restricting deserialized types. Exploitation is possible when a user can configure a multi-configuration (Matrix) job or control contents of a job’s SCM repository. The issue...
CVE-2020-2179
Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...