CVE-2022-27198
published 2022-03-15CVE-2022-27198: A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read…
high8CVSS 3.1
AVNACLPRLUIRSUCHIHAH
A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | aws_credentials_plugin | — | — |
| jenkins | cloudbees_aws_credentials | <= 189.v3551d5642995 | — |
| jenkins | cloudbees_aws_credentials | — | — |
| jenkins | cloudbees_aws_credentials | >= 1.28 < 1.28.2 | 1.28.2 |
| jenkins | dashboard_view_plugin | — | — |
| jenkins | environment_dashboard_plugin | — | — |
| jenkins | extended_choice_parameter_plugin | — | — |
| jenkins | favorite_plugin | — | — |
| jenkins | folder-based_authorization_strategy_plugin | — | — |
| jenkins | gitlab_authentication_plugin | — | — |
| jenkins | list_git_branches_parameter_plugin | — | — |
| jenkins | parameterized_trigger_plugin | — | — |
| jenkins | release_helper_plugin | — | — |
| jenkins | semantic_versioning_plugin | — | — |
| jenkins | vmware_vrealize_codestream_plugin | — | — |
| jenkins_project | jenkins_cloudbees_aws_credentials_plugin | unspecified – 189.v3551d5642995 | — |