CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Amazon EC2 Plugin connects to Windows agents via HTTPS. Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed HTTPS certificates and does not perform hostname validation when connecting to Windows agents. This lack of validation could be abused using a man-in-the-middle attack ...

6.8CVSS5.3AI score0.00037EPSS

Exploits0References5Affected Software1

Github Security Blog•added 2022/05/24 5:17 p.m.•24 views

Users with Overall/Read access can enumerate credentials IDs in Amazon EC2 Plugin

Amazon EC2 Plugin provides a list of applicable credentials IDs to allow users configuring the plugin to select the one to use. This functionality does not correctly check permissions in Amazon EC2 Plugin 1.50.1 and earlier, allowing any user with Overall/Read permission to get a list of valid...

4.3CVSS4.9AI score0.00031EPSS

Exploits0References4Affected Software1

OSV•added 2022/05/24 5:17 p.m.•19 views

GHSA-RMP9-MC8W-MQF3 Users with Overall/Read access can enumerate credentials IDs in Amazon EC2 Plugin

4.3CVSS4.4AI score0.00031EPSS

Exploits0References4

OSV•added 2022/05/24 5:17 p.m.•21 views

GHSA-W6HW-57JQ-H7F5 CSRF vulnerability in Amazon EC2 Plugin

Amazon EC2 Plugin 1.50.1 and earlier does not require POST requests in several HTTP endpoints, resulting in cross-site request forgery CSRF vulnerabilities. This allows an attacker to provision instances with an attacker-specified template ID. Amazon EC2 Plugin 1.50.2 now requires POST requests f...

3.1CVSS4.7AI score0.00528EPSS

Exploits0References5

CNVD•added 2020/05/07 12:0 a.m.•1 views

CloudBees Jenkins Amazon EC2 Plugin Trust Management Issue Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based development of the United States CloudBees continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Amazon EC2 Plugin is used in which an EC2 connection...

6.8CVSS6.8AI score0.00037EPSS

Exploits0References1

CNVD•added 2020/05/07 12:0 a.m.•1 views

CloudBees Jenkins Amazon EC2 Plugin Cross-Site Request Forgery Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based development of continuous integration tools from the U.S. CloudBees. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Amazon EC2 Plugin is used in which an EC2 connection agen...

4.3CVSS6.9AI score0.00528EPSS

Exploits0References1

NVD•added 2020/05/06 1:15 p.m.•10 views

CVE-2020-2186

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances...

4.3CVSS4.6AI score0.00528EPSS

Exploits0References2

OSV•added 2020/05/06 1:15 p.m.•0 views

CVE-2020-2187

Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks...

5.6CVSS6.2AI score

Exploits0References2

OSV•added 2020/05/06 1:15 p.m.•0 views

CVE-2020-2186

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances...

4.3CVSS5.7AI score

Exploits0References2

NVD•added 2020/05/06 1:15 p.m.•12 views

CVE-2020-2188

A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

4.3CVSS4.5AI score0.00031EPSS

Exploits0References2

OSV•added 2020/05/06 1:15 p.m.•1 views

CVE-2020-2188

4.3CVSS5.8AI score0.00031EPSS

Exploits0References2

Prion•added 2020/05/06 1:15 p.m.•13 views

Input validation

Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks...

6.8CVSS5.5AI score0.00037EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by