Jenkins Amazon EC2 Plugin
CVEs (7)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-2187 | | 0.00 | — | 0.00 | | May 6, 2020 | Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks. |
| CVE-2020-2188 | | 0.00 | — | 0.00 | | May 6, 2020 | A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. |
| CVE-2020-2186 | | 0.00 | — | 0.01 | | May 6, 2020 | A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances. |
| CVE-2020-2185 | | 0.00 | — | 0.00 | | May 6, 2020 | Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks. |
| CVE-2020-2090 | | 0.00 | — | 0.00 | | Jan 15, 2020 | A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method. |
| CVE-2020-2091 | | 0.00 | — | 0.00 | | Jan 15, 2020 | A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method. |
| CVE-2019-10364 | | 0.00 | — | 0.00 | | Jul 31, 2019 | Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log. |