4 matches found
CVE-2020-2186
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances...
org.jenkins-ci.plugins:ec2-cloud-axis (>=1.0 <=1.2) potentially affected by CVE-2020-2186 via org.jenkins-ci.plugins:ec2 (=1.19)
org.jenkins-ci.plugins:ec2 MAVEN version =1.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ec2 and may be impacted: - org.jenkins-ci.plugins:ec2-cloud-axis =1.0, =1.2 Source cves: CVE-2020-2186 Source advisory:...
CVE-2020-2186
CVE-2020-2186 describes a CSRF vulnerability in the Jenkins Amazon EC2 Plugin ≤ 1.50.1, where several HTTP endpoints did not require POST, allowing an attacker to provision EC2 instances with attacker‑supplied templates. The root cause is insufficient CSRF protection on those endpoints, enabling ...
CVE-2020-2186
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances...