Описание
RCE vulnerability in ElasticBox Jenkins Kubernetes CI/CD Plugin
ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution (RCE) vulnerability exploitable by users able to provide YAML input files to ElasticBox Jenkins Kubernetes CI/CD Plugin’s build step.
Пакеты
Наименование
com.elasticbox.jenkins-ci.plugins:kubernetes-ci
maven
Затронутые версииВерсия исправления
<= 1.3
Отсутствует
Связанные уязвимости
CVSS3: 8.8
nvd
больше 5 лет назад
Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.