Maven package

org.jenkins-ci.plugins/aws-credentials

pkg:maven/org.jenkins-ci.plugins/aws-credentials

Vulnerabilities (3)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-27199	—	< 191.vcb_f183ce58b_9	191.vcb_f183ce58b_9	Mar 15, 2022	A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.
CVE-2022-27198	—	<= 189.v3551d5642995	—	Mar 15, 2022	A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.
CVE-2021-21625	—	< 1.28.1	1.28.1	Mar 18, 2021	Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances.

CVE-2022-27199Mar 15, 2022
affected < 191.vcb_f183ce58b_9fixed 191.vcb_f183ce58b_9
A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.
CVE-2022-27198Mar 15, 2022
affected <= 189.v3551d5642995
A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.
CVE-2021-21625Mar 18, 2021
affected < 1.28.1fixed 1.28.1
Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances.