Lucene search
K

50 matches found

OSV
OSV
added 2020/05/06 1:15 p.m.2 views

CVE-2020-2186

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances...

4.3CVSS5.7AI score0.00636EPSS
Exploits0References2
NVD
NVD
added 2020/05/06 1:15 p.m.15 views

CVE-2020-2186

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances...

4.3CVSS4.6AI score0.00636EPSS
Exploits0References2
NVD
NVD
added 2020/05/06 1:15 p.m.23 views

CVE-2020-2188

A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

4.3CVSS4.5AI score0.00647EPSS
Exploits0References2
OSV
OSV
added 2020/05/06 1:15 p.m.2 views

CVE-2020-2187

Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks...

5.6CVSS6.2AI score
Exploits0References2
OSV
OSV
added 2020/05/06 1:15 p.m.4 views

CVE-2020-2188

A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

4.3CVSS5.8AI score0.00647EPSS
Exploits0References2
Prion
Prion
added 2020/05/06 1:15 p.m.17 views

Input validation

Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks...

6.8CVSS5.5AI score0.00411EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/05/06 1:15 p.m.17 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances...

4.3CVSS4.5AI score0.00636EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/05/06 12:45 p.m.22 views

CVE-2020-2188

A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

4.5AI score0.00647EPSS
Exploits0References2
CVE
CVE
added 2020/05/06 12:45 p.m.74 views

CVE-2020-2187

The CVE-2020-2187 issue affects Jenkins Amazon EC2 Plugin (versions 1.50.1 and earlier). The root cause is that the plugin unconditionally accepts self-signed HTTPS certificates and does not perform hostname validation when connecting to Windows agents, enabling man-in-the-middle attacks. Impact ...

6.8CVSS5.5AI score0.00411EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/05/06 12:45 p.m.69 views

CVE-2020-2188

Summary (CVE-2020-2188) : The Jenkins Amazon EC2 Plugin (versions 1.50.1 and earlier) contains a missing permission check in form-related methods that allows any user with Overall/Read access to enumerate credentials IDs stored in Jenkins. This exposure can aid an attacker who already has basic a...

4.3CVSS4.4AI score0.00647EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/05/06 12:45 p.m.23 views

CVE-2020-2187

Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks...

5.5AI score0.00411EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/05/06 12:45 p.m.18 views

CVE-2020-2185

Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks...

5.5AI score0.00694EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/05/06 12:45 p.m.24 views

CVE-2020-2186

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances...

4.5AI score0.00636EPSS
Exploits0References2
CVE
CVE
added 2020/05/06 12:45 p.m.66 views

CVE-2020-2186

CVE-2020-2186 describes a CSRF vulnerability in the Jenkins Amazon EC2 Plugin ≤ 1.50.1, where several HTTP endpoints did not require POST, allowing an attacker to provision EC2 instances with attacker‑supplied templates. The root cause is insufficient CSRF protection on those endpoints, enabling ...

4.3CVSS4.5AI score0.00636EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2020/05/06 12:0 a.m.4 views

PT-2020-15400 · Jenkins · Jenkins Amazon Ec2 Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Amazon EC2 Plugin versions 1.50.1 and earlier Description: A cross-site request forgery issue allows attackers to provision instances. The vulnerability is due to the plugin not requiring POST requests in several HTTP endpoints,...

4.3CVSS4.6AI score0.00636EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2020/05/06 12:0 a.m.4 views

PT-2020-15402 · Jenkins · Jenkins Amazon Ec2 Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Amazon EC2 Plugin versions 1.50.1 and earlier Description: A missing permission check in form-related methods of the Jenkins Amazon EC2 Plugin allows users with Overall/Read access to enumerate credentials IDs of credentials stored in...

4.3CVSS4.3AI score0.00647EPSS
Exploits0References5
CNVD
CNVD
added 2020/01/22 12:0 a.m.3 views

CloudBees Jenkins Amazon EC2 Plugin Authorization Issue Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based development of continuous integration tools from the U.S. CloudBees. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Amazon EC2 Plugin is used in which an EC2 connection agen...

8.1CVSS6.8AI score0.01113EPSS
Exploits0References1
OSV
OSV
added 2020/01/15 4:15 p.m.6 views

CVE-2020-2090

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method...

8.8CVSS7.3AI score0.00827EPSS
Exploits0References1
NVD
NVD
added 2020/01/15 4:15 p.m.34 views

CVE-2020-2090

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method...

8.8CVSS8.6AI score0.00827EPSS
Exploits0References1
OSV
OSV
added 2020/01/15 4:15 p.m.5 views

CVE-2020-2091

A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method...

8.1CVSS7.3AI score0.01113EPSS
Exploits0References1
Rows per page
Query Builder