CVE-2020-2167: 
Java vulnerability analysis and mitigation

CVE-2020-2167 (SECURITY-1739) is a remote code execution vulnerability discovered in the Jenkins OpenShift Pipeline Plugin. The vulnerability was disclosed on March 25, 2020, affecting OpenShift Pipeline Plugin versions 1.0.56 and earlier. The issue stems from the plugin's YAML parser configuration which did not prevent the instantiation of arbitrary types (Jenkins Advisory, OSS Security).

The vulnerability is rated as High severity with a CVSS v3.1 base score of 8.8 (HIGH) and vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The core issue lies in the plugin's YAML parser configuration which failed to restrict the instantiation of arbitrary types, leading to potential remote code execution. The vulnerability is tracked as SECURITY-1739 in Jenkins security tracking system (NVD).

The vulnerability allows remote code execution (RCE) on affected systems. Users who have the ability to provide YAML input files to the OpenShift Pipeline Plugin's build step could potentially exploit this vulnerability to execute arbitrary code on the system (Jenkins Advisory, Red Hat).

The vulnerability was fixed in OpenShift Pipeline Plugin version 1.0.57, which configures the YAML parser to only instantiate safe types. Users are strongly advised to upgrade to this version or later. Red Hat has also released security updates to address this vulnerability in OpenShift Container Platform 3.11 (Jenkins Advisory, Red Hat).