6 matches found
org.jenkins-ci.plugins:ec2-cloud-axis (>=1.0 <=1.2) potentially affected by CVE-2020-2187 via org.jenkins-ci.plugins:ec2 (=1.19)
org.jenkins-ci.plugins:ec2 MAVEN version =1.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ec2 and may be impacted: - org.jenkins-ci.plugins:ec2-cloud-axis =1.0, =1.2 Source cves: CVE-2020-2187 Source advisory:...
org.jenkins-ci.plugins:ec2-cloud-axis (>=1.0 <=1.2) potentially affected by CVE-2020-2185 via org.jenkins-ci.plugins:ec2 (=1.19)
org.jenkins-ci.plugins:ec2 MAVEN version =1.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ec2 and may be impacted: - org.jenkins-ci.plugins:ec2-cloud-axis =1.0, =1.2 Source cves: CVE-2020-2185 Source advisory:...
org.jenkins-ci.plugins:ec2-cloud-axis (>=1.0 <=1.2) potentially affected by CVE-2017-1000502 via org.jenkins-ci.plugins:ec2 (=1.19)
org.jenkins-ci.plugins:ec2 MAVEN version =1.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ec2 and may be impacted: - org.jenkins-ci.plugins:ec2-cloud-axis =1.0, =1.2 Source cves: CVE-2017-1000502 Source advisory:...
Arbitrary shell command execution in Jenkins EC2 Plugin
Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only...
Input validation
Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks...
Security feature bypass
A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method...