2 matches found
CVE-2020-2180
Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
CVE-2020-2180
CVE-2020-2180 affects Jenkins AWS SAM Plugin (versions 1.2.2 and earlier). The root cause is that the YAML parser did not restrict deserialization of arbitrary types, enabling remote code execution. Exploitation is feasible by a user who can configure a job or control the YAML template in an AWS ...