CVE-2020-2166

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
25/03/2020
Last modified:
25/10/2023

Description

Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:jenkins:pipeline\:_aws_steps:*:*:*:*:*:jenkins:*:* 1.40 (including)