11 matches found
EUVD-2022-5028
Malicious code in bioql PyPI...
CVE-2020-2180
Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
RCE vulnerability in Jenkins AWS SAM Plugin
AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution (RCE) vulnerability exploitable by users able to configure a job or control the contents of a previously configured "AWS SAM deploy...
GHSA-QRM8-CW73-R9W8 RCE vulnerability in Jenkins AWS SAM Plugin
AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution (RCE) vulnerability exploitable by users able to configure a job or control the contents of a previously configured "AWS SAM deploy...
PT-2021-14668 · Amazon +2 · Aws Parameter Store Build Wrapper +4
Name of the Vulnerable Software and Affected Versions: Jenkins CloudBees AWS Credentials Plugin versions 1.28 and earlier. Description: The issue allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins under certain circumstances. This can...
CloudBees Jenkins AWS SAM Plugin Code Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/test projects and some timed tasks. AWS SAM Plugin is used in one of the...
CVE-2020-2180
Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
Remote code execution
Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
CVE-2020-2180
Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
CVE-2020-2180
CVE-2020-2180 affects Jenkins AWS SAM Plugin (versions 1.2.2 and earlier). The root cause is that the YAML parser did not restrict deserialization of arbitrary types, enabling remote code execution. Exploitation is feasible by a user who can configure a job or control the YAML template in an AWS ...
PT-2020-15393 · Jenkins · Jenkins Aws Sam Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins AWS SAM Plugin versions 1.2.2 and earlier. Description: The issue results from the YAML parser not being configured to prevent the instantiation of arbitrary types, leading to a remote code execution vulnerability. This vulnerability i...