Description
Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Jenkins project | Jenkins CloudBees AWS Credentials Plugin | affected |
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2022-4452 | Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances. |
 Github GHSA |
GHSA-jwr9-h4jm-c9ch | Missing permission checks in Jenkins CloudBees AWS Credentials Plugin allows enumerating credentials IDs |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jenkins
Published:
Updated: 2024-08-03T18:16:23.692Z
Reserved: 2021-01-04T00:00:00.000Z
Link: CVE-2021-21625
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-03-18T14:15:13.427
Modified: 2024-11-21T05:48:43.287
Link: CVE-2021-21625
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses