Lucene search

922 matches found

CVE
added 2022/03/15 4:45 p.m. · 115 views

CVE-2022-27199

CVE-2022-27199 corresponds to a vulnerability in Jenkins CloudBees AWS Credentials Plugin (versions 189.v3551d5642995 and earlier) caused by a missing permission check. This flaw lets attackers with Overall/Read permission connect to an AWS service using an attacker-specified token, as described ...

CVSS 4.3 · AI score 4.7 · EPSS 0.00714
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/03/15 4:45 p.m. · 17 views

CVE-2022-27199

A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...

AI score 5.2 · EPSS 0.00714
Exploits 0 · References 2
AlpineLinux
added 2022/03/15 4:45 p.m. · 72 views

CVE-2022-27199

A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...

CVSS 4.3 · AI score 4.6 · EPSS 0.00714
Exploits 0 · References 2
CVE
added 2022/03/15 4:45 p.m. · 151 views

CVE-2022-27198

CVE-2022-27198 is a CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin (versions 189.v3551d5642995 and earlier). It allows attackers with Overall/Read permission to perform actions against AWS services using an attacker-specified token. The connected advisories confirm the issue...

CVSS 8 · AI score 7.7 · EPSS 0.00491
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/03/15 4:45 p.m. · 15 views

CVE-2022-27198

A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...

AI score 8.1 · EPSS 0.00491
Exploits 0 · References 2
AlpineLinux
added 2022/03/15 4:45 p.m. · 88 views

CVE-2022-27198

A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...

CVSS 8 · AI score 4.9 · EPSS 0.00491
Exploits 0 · References 2
CNNVD
added 2022/03/15 12:0 a.m. · 6 views

Jenkins CloudBees AWS Credentials Plugin Permissions, Privileges and Access Control Vulnerability

Jenkins CloudBees AWS Credentials and Jenkins are both Jenkins open source products. Jenkins CloudBees AWS Credentials is an application plug-in. Jenkins is an application that allows storage of Amazon IAM credentials in the Jenkins Credentials API. An open source automation server, Jenkins provid...

CVSS 4.3 · AI score 5.6 · EPSS 0.00714
Exploits 0 · References 6
Positive Technologies
added 2022/03/15 12:0 a.m. · 1 views

PT-2022-18284 · Cloudbees +1 · Jenkins Cloudbees Aws Credentials Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins CloudBees AWS Credentials Plugin versions 189.v3551d5642995 and earlier

Description: A cross-site request forgery issue allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...

CVSS 8 · AI score 7.5 · EPSS 0.00491
Exploits 0 · References 6
Positive Technologies
added 2022/03/15 12:0 a.m. · 2 views

PT-2022-18285 · Cloudbees +1 · Jenkins Cloudbees Aws Credentials Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins CloudBees AWS Credentials Plugin versions 189.v3551d5642995 and earlier

Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...

CVSS 4.3 · AI score 4.3 · EPSS 0.00714
Exploits 0 · References 5
Tenable Nessus
added 2022/03/08 12:0 a.m. · 87 views

Jenkins Enterprise and Operations Center 2.277.x < 2.277.43.0.7 / 2.303.x < 2.303.30.0.6 / 2.319.3.4 Multiple Vulnerabilities (CloudBees Security Advisory 2022-02-15)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.7, 2.303.x prior to 2.303.30.0.6, or 2.x prior to 2.319.3.4. It is, therefore, affected by multiple vulnerabilities, including the following: - Jenkins Pipeline: Groovy...

CVSS 8.8 · AI score 7.1 · EPSS 0.01758
Exploits 0 · References 41
vulnersOsv
added 2022/01/13 12:1 a.m. · 2 views

org.jenkins-ci.plugins:bitbucket-approval-filter (=1.0.0), org.jenkins-ci.plugins:bitbucket-filter-project-trait (=1.0) +1 more potentially affected by CVE-2022-20618 via org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (>=2.2.0 <=2.4.1)

org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source MAVEN version =2.2.0, =1.0.0, =1.0.2 Source cves: CVE-2022-20618 Source advisory: OSV:GHSA-W2MH-6XJ5-F77F...

CVSS 4.3 · AI score 5.8 · EPSS 0.00852
Exploits 0
vulnersOsv
added 2022/01/13 12:1 a.m. · 3 views

org.jenkins-ci.plugins:bitbucket-approval-filter (=1.0.0), org.jenkins-ci.plugins:bitbucket-filter-project-trait (=1.0) +1 more potentially affected by CVE-2022-20619 via org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (>=2.2.0 <=2.4.1)

org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source MAVEN version =2.2.0, =1.0.0, =1.0.2 Source cves: CVE-2022-20619 Source advisory: OSV:GHSA-W4JV-6RG4-PR4M...

CVSS 7.1 · AI score 7 · EPSS 0.00655
Exploits 0
Tenable Nessus
added 2021/11/29 12:0 a.m. · 37 views

Jenkins Enterprise and Operations Center < 2.222.43.0.1 / 2.249.30.0.1 / 2.263.2.2 Multiple Vulnerabilities (CloudBees Security Advisory 2021-01-13)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.222.x prior to 2.222.43.0.1, 2.249.x prior to 2.249.30.0.1, or 2.x prior to 2.263.2.2. It is, therefore, affected by multiple vulnerabilities, including the following: - Jenkins 2.274 and earlier,...

CVSS 8 · AI score 6.1 · EPSS 0.02226
Exploits 0 · References 14
Tenable Nessus
added 2021/11/19 12:0 a.m. · 44 views

Jenkins Enterprise and Operations Center < 2.249.31.0.1-2 / 2.277.3.1-2 Multiple Vulnerabilities (CloudBees Security Advisory 2021-04-21)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.249.x prior to 2.249.31.0.1-2, or 2.x prior to 2.277.3.1-2. It is, therefore, affected by multiple vulnerabilities, including the following: - Jenkins Config File Provider Plugin 3.7.0 and earlier...

CVSS 8.8 · AI score 6.8 · EPSS 0.3783
Exploits 0 · References 7
Tenable Nessus
added 2021/11/19 12:0 a.m. · 7 views

Jenkins Enterprise and Operations Center < 2.249.31.0.3 / 2.277.4.2 Multiple Vulnerabilities (CloudBees Security Advisory 2021-05-05)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.249.x prior to 2.249.31.0.3, or 2.x prior to 2.277.4.2. It is, therefore, affected by multiple vulnerabilities, including the following: - Missing permission checks in ItemReplicationLive /...

AI score 5.7
Exploits 0 · References 1
Tenable Nessus
added 2021/11/19 12:0 a.m. · 35 views

Jenkins Enterprise and Operations Center < 2.222.43.0.3 rev2 / 2.249.30.0.3 rev2 / 2.277.1.2 rev2 Multiple Vulnerabilities (CloudBees Security Advisory 2021-03-18)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.222.x prior to 2.222.43.0.3 rev2, 2.249.x prior to 2.249.30.0.3 rev2, or 2.x prior to 2.277.1.2 rev2. It is, therefore, affected by multiple vulnerabilities, including the following: - An incorrec...

CVSS 8.8 · AI score 5.9 · EPSS 0.01011
Exploits 0 · References 6
Tenable Nessus
added 2021/11/08 12:0 a.m. · 41 views

Jenkins Enterprise and Operations Center < 2.249.31.0.4 / 2.277.4.3 Multiple Vulnerabilities (CloudBees Security Advisory 2021-05-11)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.249.x prior to 2.249.31.0.4, or 2.x prior to 2.277.4.3. It is, therefore, affected by multiple vulnerabilities, including the following: - A cross-site request forgery (CSRF) vulnerability in Jenkin...

CVSS 7.1 · AI score 5.8 · EPSS 0.72678
Exploits 0 · References 10
Tenable Nessus
added 2021/10/11 12:0 a.m. · 13 views

Jenkins Enterprise and Operations Center < 2.249.31.0.5 / 2.289.1.2 Multiple Vulnerabilities (CloudBees Security Advisory 2021-06-02)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.249.x prior to 2.249.31.0.5, or 2.x prior to 2.289.1.2. It is, therefore, affected by multiple vulnerabilities, including the following: - A flaw exists in CloudBees Jenkins due to RBAC role...

AI score 5.6
Exploits 0 · References 1
Tenable Nessus
added 2021/10/11 12:0 a.m. · 15 views

Jenkins Enterprise and Operations Center < 2.249.32.0.1 / 2.277.41.0.1 / 2.303.1.5 Bad Permissions (CloudBees Security Advisory 2021-08-25)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.x prior to 2.303.1.5, 2.249.x prior to 2.249.32.0.1, or 2.277.x prior to 2.277.41.0.1. It is, therefore, affected by a vulnerability when using RBAC. When using LDAP to grant users new permissions...

AI score 5.6
Exploits 0 · References 1
Tenable Nessus
added 2021/10/11 12:0 a.m. · 12 views

Jenkins Enterprise and Operations Center < 2.289.3.2 rev 2 Bad Permissions (CloudBees Security Advisory 2021-08-02)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.x prior to 2.289.3.2 rev 2. It is, therefore, affected by a vulnerability when using CasC bundles. A new build step allows users without 'ADMIN' permission to remove the CasC bundles. Note that...

AI score 5.6
Exploits 0 · References 1