4 matches found
Jenkins plugins Multiple Vulnerabilities (2023-06-14)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default. CVE-2023-3514...
CVE-2023-35147
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system...
CVE-2023-35147
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system...
CVE-2023-35147
CVE-2023-35147 affects the Jenkins AWS CodeCommit Trigger Plugin, v3.0.12 and earlier. The issue arises because the HTTP endpoint does not restrict the AWS SQS queue name path parameter, enabling attackers with Item/Read permission to obtain contents of arbitrary files on the Jenkins controller f...