Lucene search

GitHub Advisory DatabaseGHSA-WHGJ-6M78-2GG9

HistoryJun 14, 2023 - 3:30 p.m.

Arbitrary file read vulnerability in Jenkins AWS CodeCommit Trigger Plugin

2023-06-1415:30:37

CWE-732

GitHub Advisory Database

github.com

jenkins

aws codecommit

file read vulnerability

http endpoint

aws sqs queue

item/read permission

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.6%

JSON

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system.

Affected configurations

Vulners

Node

jenkinsaws_codecommit_triggerRange≤3.0.12jenkins

CPENameOperatorVersion
org.jenkins-ci.plugins:aws-codecommit-triggerle3.0.12

CPE	Name	Operator	Version
	org.jenkins-ci.plugins:aws-codecommit-trigger	le	3.0.12

References

www.openwall.com/lists/oss-security/2023/06/14/5

github.com/advisories/GHSA-whgj-6m78-2gg9

nvd.nist.gov/vuln/detail/CVE-2023-35147

www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3099

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.6%

JSON

Related for GHSA-WHGJ-6M78-2GG9