Lucene search
K

6 matches found

vulnersOsv
vulnersOsv
added 2022/05/24 5:17 p.m.4 views

org.jenkins-ci.plugins:ec2-cloud-axis (>=1.0 <=1.2) potentially affected by CVE-2020-2187 via org.jenkins-ci.plugins:ec2 (=1.19)

org.jenkins-ci.plugins:ec2 MAVEN version =1.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ec2 and may be impacted: - org.jenkins-ci.plugins:ec2-cloud-axis =1.0, =1.2 Source cves: CVE-2020-2187 Source advisory:...

6.8CVSS6.1AI score0.00411EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/24 5:17 p.m.3 views

org.jenkins-ci.plugins:ec2-cloud-axis (>=1.0 <=1.2) potentially affected by CVE-2020-2185 via org.jenkins-ci.plugins:ec2 (=1.19)

org.jenkins-ci.plugins:ec2 MAVEN version =1.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ec2 and may be impacted: - org.jenkins-ci.plugins:ec2-cloud-axis =1.0, =1.2 Source cves: CVE-2020-2185 Source advisory:...

6.8CVSS6.1AI score0.00694EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/14 3:45 a.m.2 views

org.jenkins-ci.plugins:ec2-cloud-axis (>=1.0 <=1.2) potentially affected by CVE-2017-1000502 via org.jenkins-ci.plugins:ec2 (=1.19)

org.jenkins-ci.plugins:ec2 MAVEN version =1.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ec2 and may be impacted: - org.jenkins-ci.plugins:ec2-cloud-axis =1.0, =1.2 Source cves: CVE-2017-1000502 Source advisory:...

9CVSS7.3AI score0.01626EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/14 3:45 a.m.15 views

Arbitrary shell command execution in Jenkins EC2 Plugin

Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only...

9CVSS7AI score0.01626EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2020/05/06 1:15 p.m.17 views

Input validation

Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks...

6.8CVSS5.5AI score0.00411EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/01/15 4:15 p.m.22 views

Security feature bypass

A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method...

5.5CVSS7.8AI score0.01113EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder