CVE-2020-2121

Medium

6.5/10

Summary

Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: SINGLE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

References

Advisory Timeline

Published Feb 12, 2020

CVE-2020-2121

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS