Vulnerabilities > Jenkins > Pipeline Supporting Apis > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-09 | CVE-2018-1000058 | Deserialization of Untrusted Data vulnerability in Jenkins Pipeline Supporting Apis 2.15/2.16/2.17 Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. | 6.5 |