Jenkins

Amazon Ec2

6 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2020-2185

  • EPSS 0.1%
  • Published 06.05.2020 13:15:14
  • Last modified 21.11.2024 05:24:53

Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks.

4.3

CVE-2020-2186

  • EPSS 0.53%
  • Published 06.05.2020 13:15:14
  • Last modified 21.11.2024 05:24:54

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances.

6.8

CVE-2020-2187

  • EPSS 0.04%
  • Published 06.05.2020 13:15:14
  • Last modified 21.11.2024 05:24:54

Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks.

4.3

CVE-2020-2188

  • EPSS 0.03%
  • Published 06.05.2020 13:15:14
  • Last modified 21.11.2024 05:24:54

A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

8.8

CVE-2020-2090

  • EPSS 0.11%
  • Published 15.01.2020 16:15:14
  • Last modified 21.11.2024 05:24:34

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.

8.1

CVE-2020-2091

  • EPSS 0.05%
  • Published 15.01.2020 16:15:14
  • Last modified 21.11.2024 05:24:34

A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another met...