Jenkins Project Jenkins Cloudbees Aws Credentials Plugin vulnerabilities
3 known vulnerabilities affecting jenkins_project/jenkins_cloudbees_aws_credentials_plugin.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2022-27198HIGHCVSS 8.0≥ unspecified, ≤ 189.v3551d56429952022-03-15
CVE-2022-27198 [HIGH] CWE-352 CVE-2022-27198: A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3
A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.
cvelistv5nvd
CVE-2022-27199MEDIUMCVSS 4.3≥ unspecified, ≤ 189.v3551d56429952022-03-15
CVE-2022-27199 [MEDIUM] CWE-862 CVE-2022-27199: A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier
A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.
cvelistv5nvd
CVE-2021-21625MEDIUMCVSS 4.3≥ unspecified, ≤ 1.282021-03-18
CVE-2021-21625 [MEDIUM] CWE-862 CVE-2021-21625: Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a h
Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances.
cvelistv5nvd