CloudBees AWS Credentials Plugin

Source repositories

CVE	Vendor / Product	CVSS	Published	Description
CVE-2022-27199	Jenkins Project CloudBees AWS Credentials Plugin	—	Mar 15, 2022	A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.
CVE-2022-27198	Jenkins Project CloudBees AWS Credentials Plugin	—	Mar 15, 2022	A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.
CVE-2021-21625	Jenkins Project CloudBees AWS Credentials Plugin	—	Mar 18, 2021	Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances.

CVE-2022-27199Mar 15, 2022
Jenkins Project
CloudBees AWS Credentials Plugin
risk 0.00cvss —epss 0.00
A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.
CVE-2022-27198Mar 15, 2022
Jenkins Project
CloudBees AWS Credentials Plugin
risk 0.00cvss —epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.
CVE-2021-21625Mar 18, 2021
Jenkins Project
CloudBees AWS Credentials Plugin
risk 0.00cvss —epss 0.00
Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances.