Jenkins Cloudbees Aws Credentials vulnerabilities

CVE-2022-27198 [HIGH] CWE-352 CVE-2022-27198: A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3 A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.

CVE-2022-27199 [MEDIUM] CWE-862 CVE-2022-27199: A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.

CVE-2021-21625 [MEDIUM] CWE-862 CVE-2021-21625: Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a h Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances.