Filtered by vendor Jenkins Subscriptions
Filtered by product Amazon Ec2 Subscriptions
Total 6 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-2188 1 Jenkins 1 Amazon Ec2 2024-11-21 4.3 Medium
A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
CVE-2020-2187 1 Jenkins 1 Amazon Ec2 2024-11-21 5.6 Medium
Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks.
CVE-2020-2186 1 Jenkins 1 Amazon Ec2 2024-11-21 4.3 Medium
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances.
CVE-2020-2185 1 Jenkins 1 Amazon Ec2 2024-11-21 5.6 Medium
Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks.
CVE-2020-2091 1 Jenkins 1 Amazon Ec2 2024-11-21 8.1 High
A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.
CVE-2020-2090 1 Jenkins 1 Amazon Ec2 2024-11-21 8.8 High
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.