vulnerability

Red Hat OpenShift: CVE-2020-2167: openshift/jenkins-plugin: Deserialization in snakeyaml YAML() objects allows for remote code execution

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	Mar 25, 2020	Mar 27, 2020	Aug 11, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

Mar 25, 2020

Added

Mar 27, 2020

Modified

Aug 11, 2025

Description

Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.

Solutions

linuxrpm-upgrade-jenkinslinuxrpm-upgrade-jenkins-2-plugins

References

CVE-2020-2167
https://attackerkb.com/topics/CVE-2020-2167
CWE-20
REDHAT-RHSA-2020:0964

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today