3 matches found
com.groupon.jenkins-ci.plugins:DotCi-Fig-template (=1.1.0), com.groupon.jenkins-ci.plugins:DotCi-InstallPackages (>=1.1.3 <=1.3.1) +3 more potentially affected by CVE-2022-41237 via com.groupon.jenkins-ci.plugins:DotCi (>=1.0.0 <=2.32.1)
com.groupon.jenkins-ci.plugins:DotCi MAVEN version =1.0.0, =1.1.3, =1.7.2, =1.0.0, =1.0.0, =1.1.2 Source cves: CVE-2022-41237 Source advisory: OSV:GHSA-X3JJ-RGW9-7R5G...
CVE-2022-41237
CVE-2022-41237 affects Jenkins DotCi Plugin 2.40.00 and earlier. The vulnerability arises because the plugin’s YAML parser does not prevent the instantiation of arbitrary types, which can lead to remote code execution. This is documented across multiple sources (NVD, Red Hat advisory, OSV, and pu...
CVE-2022-41237
Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...