GHSA-x3jj-rgw9-7r5g
GitHub Security Advisory
RCE vulnerability in Jenkins DotCi Plugin
✓ GitHub Reviewed
HIGH
Has CVE
Advisory Details
DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types.
This results in a remote code execution (RCE) vulnerability exploitable by attackers able to modify `.ci.yml` files in SCM. This plugin has been suspended.
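As an added illustration (not DotCi's own code), the following shows the two SnakeYAML loader configurations the advisory is contrasting: a parser built with the default `Constructor`, which resolves explicit `!!fully.qualified.ClassName` tags to Java classes and instantiates them, next to one built with `SafeConstructor`, which only produces maps, lists and scalars. The `.ci.yml` text is constructed for the example and uses `java.net.URL` as a harmless stand-in for an attacker-chosen class. It assumes SnakeYAML 1.32 or 1.33 on the classpath (see the version note below).

```java
import java.util.Map;

import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

/**
 * Added example, not code from the DotCi plugin. Demonstrates why a YAML
 * parser that honours global "!!" tags must not be fed SCM-controlled files.
 */
public class DotCiYamlHardening {

    // Constructed sample: a repository's .ci.yml carrying an explicit global
    // tag. Anyone who can commit to the repository controls this text.
    static final String CI_YML =
            "build:\n"
          + "  before: echo hello\n"
          + "extra: !!java.net.URL [\"https://example.org/\"]\n";

    /** Vulnerable pattern: the default Constructor turns "!!" tags into Class.forName. */
    static Object loadUnsafe(String yamlText) {
        Yaml yaml = new Yaml();
        return yaml.load(yamlText);
    }

    /** Hardened pattern: SafeConstructor builds only plain YAML types. */
    static Object loadSafe(String yamlText) {
        LoaderOptions options = new LoaderOptions();
        Yaml yaml = new Yaml(new SafeConstructor(options));
        return yaml.load(yamlText);
    }

    public static void main(String[] args) {
        // The default loader instantiated whatever class the tag named
        // (here java.net.URL; an attacker would pick something far worse).
        Map<?, ?> unsafe = (Map<?, ?>) loadUnsafe(CI_YML);
        System.out.println("unsafe loader built: "
                + unsafe.get("extra").getClass().getName());

        try {
            loadSafe(CI_YML);
            System.out.println("safe loader accepted the document (unexpected)");
        } catch (YAMLException e) {
            // SafeConstructor has no construct rule for the global tag, so the
            // document is rejected rather than instantiated.
            System.out.println("safe loader rejected the document: " + e.getMessage());
        }
    }
}
```

Version note: `SafeConstructor(LoaderOptions)` is the constructor available in recent SnakeYAML 1.x releases and the only one in 2.x (older 1.x code used `new SafeConstructor()`). SnakeYAML 2.x also changed the default so that `new Yaml()` refuses global tags unless a permissive `TagInspector` is configured, so the unsafe path above only instantiates the class on 1.x; the plugin's fix is still to use `SafeConstructor` explicitly rather than rely on library defaults. Even with a safe loader, a `.ci.yml` read from an untrusted branch or pull request remains attacker-controlled input for every other value it carries (shell commands, image names, environment variables) and should be treated as such.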
Affected Packages
Maven
com.groupon.jenkins-ci.plugins:DotCi
Affected versions: <= 2.40.00 (all releases up to and including the last affected version, 2.40.00)
Related CVEs
Key Information
Severity score: 7.5 / 10
Dataset
Last updated: August 24, 2025 6:28 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.