CVE-2023-41942
published 2023-09-06CVE-2023-41942: A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue.
medium4.3CVSS 3.1
AVNACLPRNUIRSUCNILAN
A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | assembla_auth_plugin | — | — |
| jenkins | aws_codecommit_trigger | <= 3.0.12 | — |
| jenkins | aws_codecommit_trigger_plugin | — | — |
| jenkins | bitbucket_push_and_pull_request_plugin | — | — |
| jenkins | config_file_provider_plugin | — | — |
| jenkins | disabled_permissions_can_be_granted_by_ssh2_easy_plugin | — | — |
| jenkins | disabled_permissions_granted_by_assembla_auth_plugin | — | — |
| jenkins | frugal_testing_plugin | — | — |
| jenkins | google_login_plugin | — | — |
| jenkins | ivy_plugin | — | — |
| jenkins | job_configuration_history_plugin | — | — |
| jenkins | non-constant_time_token_comparison_in_google_login_plugin | — | — |
| jenkins | pipeline_maven_integration_plugin | — | — |
| jenkins | qualys_container_scanning_connector_plugin | — | — |
| jenkins | ssh2_easy_plugin | — | — |
| jenkins | tap_plugin | — | — |
| jenkins_project | jenkins_aws_codecommit_trigger_plugin | <= 3.0.12 | — |