CVE-2022-41237

Summary

Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins DotCi Pluginunspecified <= 2.40.00affected
Jenkins projectJenkins DotCi Pluginnext of 2.40.00 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References