Cloudbees Aws Credentials Security Vulnerabilities and Issues — Cloudbees Aws Credentials CVE List

Lucene search

JenkinsCloudbees Aws Credentials

3 matches found

CVE•added 2022/03/15 5:15 p.m.•139 views

CVE-2022-27198

A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.

8CVSS7.7AI score0.0008EPSS

CVE•added 2022/03/15 5:15 p.m.•104 views

CVE-2022-27199

A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.

4.3CVSS4.7AI score0.00906EPSS

CVE•added 2021/03/18 2:15 p.m.•60 views

CVE-2021-21625

Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances.

4.3CVSS4.8AI score0.00031EPSS