Aws Codecommit Trigger@* Security Vulnerabilities and Issues — Aws Codecommit Trigger@* CVE List

Lucene search

JenkinsAws Codecommit Trigger*

5 matches found

CVE•added 2023/09/06 1:15 p.m.•114 views

CVE-2023-41941

A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins.

4.3CVSS4.4AI score0.00052EPSS

CVE•added 2023/09/06 1:15 p.m.•97 views

CVE-2023-41943

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue.

6.5CVSS6.3AI score0.00046EPSS

CVE•added 2023/09/06 1:15 p.m.•96 views

CVE-2023-41942

A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue.

4.3CVSS4.5AI score0.00044EPSS

CVE•added 2023/09/06 1:15 p.m.•96 views

CVE-2023-41944

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability.

6.1CVSS6.2AI score0.00118EPSS

CVE•added 2023/06/14 1:15 p.m.•59 views

CVE-2023-35147

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system.

6.5CVSS6.2AI score0.00049EPSS