Jenkins: >> Aws Codecommit Trigger Security Vulnerabilities
A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-09-06
A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue.
CVSS Score
4.3
EPSS Score
0.0
Published
2023-09-06
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-09-06
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-09-06
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-06-14