3 matches found
org.jenkins-ci.plugins:ec2-cloud-axis (>=1.0 <=1.2) potentially affected by CVE-2017-1000502 via org.jenkins-ci.plugins:ec2 (=1.19)
org.jenkins-ci.plugins:ec2 MAVEN version =1.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ec2 and may be impacted: - org.jenkins-ci.plugins:ec2-cloud-axis =1.0, =1.2 Source cves: CVE-2017-1000502 Source advisory:...
CVE-2017-1000502
Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only...
CVE-2017-1000502
CVE-2017-1000502 involves the Jenkins EC2 Plugin (versions 1.37 and earlier). When configuring an EC2 agent, a user could cause the agent to run arbitrary shell commands on the Jenkins master node at launch time. The vulnerability requires minimal user interaction and is tied to insufficient perm...