Jenkins - Aws Codecommit Trigger CVE - OpenCVE

Filtered by vendor Jenkins Subscriptions

Filtered by product Aws Codecommit Trigger Subscriptions

Total 5 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-41941	1 Jenkins	1 Aws Codecommit Trigger	2024-08-02	4.3 Medium
A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins.
CVE-2023-41942	1 Jenkins	1 Aws Codecommit Trigger	2024-08-02	4.3 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue.
CVE-2023-41943	1 Jenkins	1 Aws Codecommit Trigger	2024-08-02	6.5 Medium
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue.
CVE-2023-41944	1 Jenkins	1 Aws Codecommit Trigger	2024-08-02	6.1 Medium
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability.
CVE-2023-35147	1 Jenkins	1 Aws Codecommit Trigger	2024-08-02	6.5 Medium
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system.

Page 1 of 1.