Lucene search

[email protected]CVE-2023-41942

HistorySep 06, 2023 - 1:15 p.m.

CVE-2023-41942

2023-09-0613:15:11

CWE-352

[email protected]

web.nvd.nist.gov

cve

2023

41942

csrf

vulnerability

jenkins

aws

codecommit

trigger

plugin

sqs queue

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.0005 Low

EPSS

Percentile

16.0%

JSON

A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue.

CPENameOperatorVersion
jenkins:aws_codecommit_triggerjenkins aws codecommit triggerle3.0.12
jenkins:aws_codecommit_triggerjenkins aws codecommit triggereq3.0.12

CPE	Name	Operator	Version
jenkins:aws_codecommit_trigger	jenkins aws codecommit trigger	le	3.0.12
jenkins:aws_codecommit_trigger	jenkins aws codecommit trigger	eq	3.0.12

References

www.openwall.com/lists/oss-security/2023/09/06/9

www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3101%20(2)

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.0005 Low

EPSS

Percentile

16.0%

JSON

Related for CVE-2023-41942

osv1 cvelist1 prion1 github1 alpinelinux1 nessus1