Description
RCE vulnerability in Jenkins DotCi Plugin
DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types.
This results in a remote code execution (RCE) vulnerability exploitable by attackers able to modify .ci.yml files in SCM. This plugin has been suspended.
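A heuristic pre-merge check for the condition described above, as an added example that is not part of the advisory or the DotCi project: it flags every explicit YAML tag in a .ci.yml file that is not a core YAML type. It assumes the parser resolves explicit tags to types by name; the function names and the sample file are constructed for illustration.

```python
import re

# Tags from the YAML type repository (tag:yaml.org,2002:*); they map to plain data.
CORE_TAGS = {"str", "int", "float", "bool", "null", "map", "seq", "binary",
             "timestamp", "omap", "pairs", "set", "merge", "value"}
CORE_PREFIX = "tag:yaml.org,2002:"

# A tag token starts a node: at line start or after whitespace / a flow indicator.
TAG_RE = re.compile(r"(?<![^\s\[{,])(!<[^>\s]*>|![^\s,\[\]{}]*)")


def is_core(tag):
    """True when the tag can only name a core YAML type (or is the bare '!')."""
    if tag == "!":
        return True
    if tag.startswith("!<") and tag.endswith(">"):
        uri = tag[2:-1]
        return uri.startswith(CORE_PREFIX) and uri[len(CORE_PREFIX):] in CORE_TAGS
    if tag.startswith("!!"):
        return tag[2:] in CORE_TAGS
    return False  # local tag (!name or !handle!name): application-defined


def scan_ci_yml(text):
    """Return (line_number, token) findings. Deliberately over-reports: tags
    inside comments or quoted scalars are flagged too, so the gate fails closed.
    Assumption: the parser maps explicit tags to types by name."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.startswith("%TAG"):
            findings.append((n, line.strip()))  # handle remapping changes what !! means
            continue
        findings += [(n, t) for t in TAG_RE.findall(line) if not is_core(t)]
    return findings


# Constructed sample; com.example.Widget is a placeholder type name.
SAMPLE = """\
environment:
  language: ruby
  timeout: !!int "30"
build:
  run: !!com.example.Widget [ "arg" ]
  note: wow!! this is fine
  tags: [!<tag:yaml.org,2002:str> a, !custom b]
"""

if __name__ == "__main__":
    for lineno, token in scan_ci_yml(SAMPLE):
        print(f".ci.yml:{lineno}: non-core YAML tag {token}")
```

Since the advisory lists no fixed version, a check like this only narrows what reaches the parser; it does not replace removing the suspended plugin.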
Packages
Name: com.groupon.jenkins-ci.plugins:DotCi (maven)
Affected versions: <= 2.40.00
Fixed version: None
Related vulnerabilities
CVSS3: 9.8
nvd
more than 3 years ago
Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.