Description
Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
Remediation
References
https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1738
http://www.openwall.com/lists/oss-security/2020/07/02/7