CVE-2023-41943
published 2023-09-06CVE-2023-41943: Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read…
medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | assembla_auth_plugin | — | — |
| jenkins | aws_codecommit_trigger | <= 3.0.12 | — |
| jenkins | aws_codecommit_trigger_plugin | — | — |
| jenkins | bitbucket_push_and_pull_request_plugin | — | — |
| jenkins | config_file_provider_plugin | — | — |
| jenkins | disabled_permissions_can_be_granted_by_ssh2_easy_plugin | — | — |
| jenkins | disabled_permissions_granted_by_assembla_auth_plugin | — | — |
| jenkins | frugal_testing_plugin | — | — |
| jenkins | google_login_plugin | — | — |
| jenkins | ivy_plugin | — | — |
| jenkins | job_configuration_history_plugin | — | — |
| jenkins | non-constant_time_token_comparison_in_google_login_plugin | — | — |
| jenkins | pipeline_maven_integration_plugin | — | — |
| jenkins | qualys_container_scanning_connector_plugin | — | — |
| jenkins | ssh2_easy_plugin | — | — |
| jenkins | tap_plugin | — | — |
| jenkins_project | jenkins_aws_codecommit_trigger_plugin | <= 3.0.12 | — |