Jenkins ≫ Cloudbees Aws Credentials

3 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.

CVE-2022-27198

EPSS 0.08%
Published 15.03.2022 17:15:10
Last modified 21.11.2024 06:55:23

A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.

4.3

CVE-2022-27199

EPSS 0.91%
Published 15.03.2022 17:15:10
Last modified 21.11.2024 06:55:23

A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.

4.3

CVE-2021-21625

EPSS 0.03%
Published 18.03.2021 14:15:13
Last modified 21.11.2024 05:48:43

Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in ...