CVE-2020-2179

Name of the Vulnerable Software and Affected Versions Jenkins Yaml Axis Plugin versions 0.2.0 and earlier

Description The issue results from the YAML parser not being configured to prevent the instantiation of arbitrary types, leading to a remote code execution vulnerability. This vulnerability is exploitable by users who can configure a multi-configuration job or control the contents of a previously configured job's SCM repository.

Recommendations For Jenkins Yaml Axis Plugin versions 0.2.0 and earlier, update to version 0.2.1 or later, which configures its YAML parser to only instantiate safe types.