Main Vulnerability Database Vulnerabilities #VU25294

Input validation error in RadarGun - CVE-2020-2123

Published: February 13, 2020

Vulnerability identifier: #VU25294

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2020-2123

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Jenkins

Affected software:
RadarGun

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the affected software does not configure its YAML parser to prevent the instantiation of arbitrary types. A remote authenticated attacker can execute arbitrary code on the system.

How to mitigate CVE-2020-2123

Install updates from vendor's website.

Sources

http://www.openwall.com/lists/oss-security/2020/02/12/3
https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1733

Input validation error in RadarGun - CVE-2020-2123

Detailed vulnerability description

How to mitigate CVE-2020-2123

Sources

Please verify you're human