Maven package
org.jenkins-ci.plugins/aws-codecommit-trigger
pkg:maven/org.jenkins-ci.plugins/aws-codecommit-trigger
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-41944 | — | <= 3.0.12 | — | Sep 6, 2023 | Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability. | ||
| CVE-2023-41943 | — | <= 3.0.12 | — | Sep 6, 2023 | Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue. | ||
| CVE-2023-41942 | — | <= 3.0.12 | — | Sep 6, 2023 | A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue. | ||
| CVE-2023-41941 | — | <= 3.0.12 | — | Sep 6, 2023 | A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins. | ||
| CVE-2023-35147 | — | <= 3.0.12 | — | Jun 14, 2023 | Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system. |
- CVE-2023-41944Sep 6, 2023affected <= 3.0.12
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability.
- CVE-2023-41943Sep 6, 2023affected <= 3.0.12
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue.
- CVE-2023-41942Sep 6, 2023affected <= 3.0.12
A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue.
- CVE-2023-41941Sep 6, 2023affected <= 3.0.12
A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins.
- CVE-2023-35147Jun 14, 2023affected <= 3.0.12
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system.