CVE-2020-2123: 
Java vulnerability analysis and mitigation

CVE-2020-2123 is a high severity vulnerability affecting the RadarGun Plugin for Jenkins. The vulnerability was discovered and disclosed on February 12, 2020, affecting RadarGun Plugin versions 1.7 and earlier. The issue was identified by Daniel Kalinowski of ISEC.pl Research Team (Jenkins Advisory).

The vulnerability stems from a misconfiguration in the YAML parser implementation within the RadarGun Plugin. Specifically, the plugin does not configure its YAML parser to prevent the instantiation of arbitrary types, which creates a significant security risk. The vulnerability has been assigned a High severity rating according to the CVSS scoring system (Jenkins Advisory).

This vulnerability results in a remote code execution (RCE) capability that can be exploited by users who have permission to configure the RadarGun Plugin's build step. This means attackers with appropriate access could potentially execute arbitrary code on the Jenkins system (Jenkins Advisory).

The vulnerability has been fixed in RadarGun Plugin version 1.8, which configures the YAML parser to only instantiate safe types. Users are strongly advised to upgrade to this version to mitigate the security risk. The fix prevents the arbitrary type instantiation that made the vulnerability possible (Jenkins Advisory).