CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

79 matches found

AlpineLinux•added 2023/09/06 12:9 p.m.•26 views

CVE-2023-41943

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...

6.5CVSS6.8AI score0.00078EPSS

Exploits0References2

Vulnrichment•added 2023/09/06 12:9 p.m.•12 views

CVE-2023-41942

A cross-site request forgery CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...

6.7AI score0.00056EPSS

Exploits0References2

CVE•added 2023/09/06 12:9 p.m.•106 views

CVE-2023-41943

CVE-2023-41943 concerns the Jenkins AWS CodeCommit Trigger Plugin, where versions 3.0.12 and earlier do not perform a permission check in an HTTP endpoint. The described impact is that attackers with Overall/Read permission can clear the SQS queue. The connected documents consistently reference t...

6.5CVSS6.3AI score0.00078EPSS

Exploits0References2Affected Software1

Cvelist•added 2023/09/06 12:9 p.m.•16 views

CVE-2023-41943

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...

6.8AI score0.00078EPSS

Exploits0References2

CVE•added 2023/09/06 12:9 p.m.•105 views

CVE-2023-41942

The CVE-2023-41942 entry concerns a CSRF vulnerability in the Jenkins AWS CodeCommit Trigger Plugin. Affected software: Jenkins AWS CodeCommit Trigger Plugin versions 3.0.12 and earlier. Root cause: cross-site request forgery that enables an attacker to clear the SQS queue. Impact: described as a...

4.3CVSS4.5AI score0.00056EPSS

Exploits0References2Affected Software1

AlpineLinux•added 2023/09/06 12:9 p.m.•24 views

CVE-2023-41942

A cross-site request forgery CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...

4.3CVSS6.9AI score0.00056EPSS

Exploits0References2

Vulnrichment•added 2023/09/06 12:9 p.m.•19 views

CVE-2023-41943

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...

6.5AI score0.00078EPSS

Exploits0References2

Cvelist•added 2023/09/06 12:8 p.m.•16 views

CVE-2023-41941

A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins...

5.2AI score0.00088EPSS

Exploits0References2

CVE•added 2023/09/06 12:8 p.m.•121 views

CVE-2023-41941

The CVE-2023-41941 issue affects Jenkins and specifically the AWS CodeCommit Trigger Plugin 3.0.12 and earlier, where a missing permission check allows attackers with Overall/Read to enumerate AWS credentials IDs stored in Jenkins. The vulnerability arises from inadequate access control in the pl...

4.3CVSS4.4AI score0.00088EPSS

Exploits0References2Affected Software1

AlpineLinux•added 2023/09/06 12:8 p.m.•45 views

CVE-2023-41941

4.3CVSS6.7AI score0.00088EPSS

Exploits0References2

Vulnrichment•added 2023/09/06 12:8 p.m.•16 views

CVE-2023-41941

6.4AI score0.00088EPSS

Exploits0References2

CNNVD•added 2023/09/06 12:0 a.m.•2 views

Jenkins Plugin AWS CodeCommit Trigger Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is a software application. Jenkins Plugin AWS...

4.3CVSS6.7AI score0.00088EPSS

Exploits0References4

Positive Technologies•added 2023/09/06 12:0 a.m.•4 views

PT-2023-28179 · Jenkins · Jenkins Aws Codecommit Trigger Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins AWS CodeCommit Trigger Plugin versions 3.0.12 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins...

4.3CVSS4.4AI score0.00088EPSS

Exploits0References8

CNNVD•added 2023/09/06 12:0 a.m.•3 views

Jenkins Plugin AWS CodeCommit Trigger Security Vulnerability

6.5CVSS6.7AI score0.00078EPSS

Exploits0References4

CNNVD•added 2023/09/06 12:0 a.m.•3 views

Jenkins Plugin AWS CodeCommit Trigger Cross-Site Scripting Vulnerability

6.1CVSS7.1AI score0.002EPSS

Exploits0References4

CNNVD•added 2023/09/06 12:0 a.m.•3 views

Jenkins Plugin AWS CodeCommit Trigger Cross-Site Request Forgery Vulnerability

4.3CVSS6.7AI score0.00056EPSS

Exploits0References4

Positive Technologies•added 2023/09/06 12:0 a.m.•3 views

PT-2023-28181 · Jenkins · Jenkins Aws Codecommit Trigger Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins AWS CodeCommit Trigger Plugin versions 3.0.12 and earlier Description: The issue arises from a lack of permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue. This can be exploited...

6.5CVSS6.2AI score0.00078EPSS

Exploits0References7

RedhatCVE•added 2023/07/04 5:17 a.m.•28 views

CVE-2023-35147

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system...

6.5CVSS6.7AI score0.00562EPSS

Exploits0References3

Veracode•added 2023/06/26 10:19 a.m.•20 views

Arbitrary File Read

AWS CodeCommit Trigger Plugin is vulnerable to Arbitrary File Reads. The vulnerability exists due to a failure to restrict the queue name path parameter in the corresponding HTTP endpoint which allows an attacker to read arbitrary files on the Jenkins controller file system...

6.5CVSS6.7AI score0.00562EPSS

Exploits0References3Affected Software1

Tenable Nessus•added 2023/06/16 12:0 a.m.•48 views

Jenkins plugins Multiple Vulnerabilities (2023-06-14)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default. CVE-2023-3514...

8.1CVSS6.2AI score0.15358EPSS

Exploits0References11

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by