Lucene search
PRIOn knowledge basePRION:CVE-2023-35147HistoryJun 14, 2023 - 1:15 p.m.
Design/Logic Flaw
2023-06-1413:15:00
PRIOn knowledge base
www.prio-n.com
9
jenkins
aws
codecommit
sqs
http endpoint
security flaw
arbitrary file access
0.001 Low
EPSS
Percentile
45.6%
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| aws_codecommit_trigger | le | 3.0.12 |
Related
veracode
veracode
Arbitrary File Read
2023-06-26 10:19:50
redhatcve
redhatcve
CVE-2023-35147
2023-07-04 05:17:28
cve
cve
CVE-2023-35147
2023-06-14 13:15:12
nvd
nvd
CVE-2023-35147
2023-06-14 13:15:12
cvelist
cvelist
CVE-2023-35147
2023-06-14 12:53:09
alpinelinux
alpinelinux
CVE-2023-35147
2023-06-14 13:15:12
github
github
Arbitrary file read vulnerability in Jenkins AWS CodeCommit Trigger Plugin
2023-06-14 15:30:37
osv
osv
Arbitrary file read vulnerability in Jenkins AWS CodeCommit Trigger Plugin
2023-06-14 15:30:37
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2023-06-14)
2023-06-16 00:00:00