Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Aws_codecommit_trigger
(Jenkins)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 5 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-09-06 | CVE-2023-41941 | A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins. | Aws_codecommit_trigger | 4.3 | ||
| 2023-09-06 | CVE-2023-41942 | A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue. | Aws_codecommit_trigger | 4.3 | ||
| 2023-09-06 | CVE-2023-41943 | Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue. | Aws_codecommit_trigger | 6.5 | ||
| 2023-09-06 | CVE-2023-41944 | Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability. | Aws_codecommit_trigger | 6.1 | ||
| 2023-06-14 | CVE-2023-35147 | Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system. | Aws_codecommit_trigger | 6.5 |