Jenkins Project Jenkins Amazon EC2 Plugin vulnerabilities

7 known vulnerabilities affecting jenkins_project/jenkins_amazon_ec2_plugin.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 5

Vulnerabilities

CVE-2020-2185 | MEDIUM | CVSS 5.6 | ≥ unspecified, ≤ 1.50.1 | 2020-05-06
CVE-2020-2185 [MEDIUM]: Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks.
Sources: cvelistv5, nvd
CVE-2020-2188 | MEDIUM | CVSS 4.3 | ≥ unspecified, ≤ 1.50.1 | 2020-05-06
CVE-2020-2188 [MEDIUM] CWE-863: A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.
Sources: cvelistv5, nvd
CVE-2020-2187 | MEDIUM | CVSS 5.6 | ≥ unspecified, ≤ 1.50.1 | 2020-05-06
CVE-2020-2187 [MEDIUM] CWE-295: Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks.
Sources: cvelistv5, nvd
CVE-2020-2186 | MEDIUM | CVSS 4.3 | ≥ unspecified, ≤ 1.50.1 | 2020-05-06
CVE-2020-2186 [MEDIUM] CWE-352: A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances.
Sources: cvelistv5, nvd
CVE-2020-2090 | HIGH | CVSS 8.8 | ≥ unspecified, ≤ 1.47 | 2020-01-15
CVE-2020-2090 [HIGH] CWE-352: A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.
Sources: cvelistv5, nvd
CVE-2020-2091 | HIGH | CVSS 8.1 | ≥ unspecified, ≤ 1.47 | 2020-01-15
CVE-2020-2091 [HIGH] CWE-862: A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.
Sources: cvelistv5, nvd
CVE-2019-10364 | MEDIUM | CVSS 5.5 | v1.43 and earlier | 2019-07-31
CVE-2019-10364 [MEDIUM] CWE-532: Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log.
Sources: cvelistv5, nvd