CVE-2020-2123
HIGHJenkins Radargun < 1.7 - Insecure Deserialization
Title source: ruleDescription
Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
Scores
CVSS v3
8.8
EPSS
0.0081
EPSS Percentile
73.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-502
Status
published
Affected Products (2)
jenkins/radargun
< 1.7
org.jenkins-ci.plugins/radargun
< 1.8Maven
Timeline
Published
Feb 12, 2020
Tracked Since
Feb 18, 2026