50 matches found
CVE-2020-2186
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances...
CVE-2020-2186
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances...
CVE-2020-2188
A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...
CVE-2020-2187
Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks...
CVE-2020-2188
A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...
Input validation
Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks...
Cross site request forgery (csrf)
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances...
CVE-2020-2188
A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...
CVE-2020-2187
The CVE-2020-2187 issue affects Jenkins Amazon EC2 Plugin (versions 1.50.1 and earlier). The root cause is that the plugin unconditionally accepts self-signed HTTPS certificates and does not perform hostname validation when connecting to Windows agents, enabling man-in-the-middle attacks. Impact ...
CVE-2020-2188
Summary (CVE-2020-2188) : The Jenkins Amazon EC2 Plugin (versions 1.50.1 and earlier) contains a missing permission check in form-related methods that allows any user with Overall/Read access to enumerate credentials IDs stored in Jenkins. This exposure can aid an attacker who already has basic a...
CVE-2020-2187
Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks...
CVE-2020-2185
Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks...
CVE-2020-2186
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances...
CVE-2020-2186
CVE-2020-2186 describes a CSRF vulnerability in the Jenkins Amazon EC2 Plugin ≤ 1.50.1, where several HTTP endpoints did not require POST, allowing an attacker to provision EC2 instances with attacker‑supplied templates. The root cause is insufficient CSRF protection on those endpoints, enabling ...
PT-2020-15400 · Jenkins · Jenkins Amazon Ec2 Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Amazon EC2 Plugin versions 1.50.1 and earlier Description: A cross-site request forgery issue allows attackers to provision instances. The vulnerability is due to the plugin not requiring POST requests in several HTTP endpoints,...
PT-2020-15402 · Jenkins · Jenkins Amazon Ec2 Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Amazon EC2 Plugin versions 1.50.1 and earlier Description: A missing permission check in form-related methods of the Jenkins Amazon EC2 Plugin allows users with Overall/Read access to enumerate credentials IDs of credentials stored in...
CloudBees Jenkins Amazon EC2 Plugin Authorization Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based development of continuous integration tools from the U.S. CloudBees. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Amazon EC2 Plugin is used in which an EC2 connection agen...
CVE-2020-2090
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method...
CVE-2020-2090
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method...
CVE-2020-2091
A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method...