Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2022-09-21T15:45:56
Updated: 2024-08-03T12:35:49.556Z
Reserved: 2022-09-21T00:00:00
Link: CVE-2022-41237
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-09-21T16:15:10.617
Modified: 2023-11-01T20:24:36.113
Link: CVE-2022-41237
Redhat
No data.