Lucene search
Veracode Vulnerability DatabaseVERACODE:41018HistoryJun 26, 2023 - 10:19 a.m.
Arbitrary File Read
2023-06-2610:19:50
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
arbitrary file read
aws codecommit
jenkins controller
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
45.5%
AWS CodeCommit Trigger Plugin is vulnerable to Arbitrary File Reads. The vulnerability exists due to a failure to restrict the queue name path parameter in the corresponding HTTP endpoint which allows an attacker to read arbitrary files on the Jenkins controller file system.
Related
redhatcve
redhatcve
CVE-2023-35147
2023-07-04 05:17:28
cvelist
cvelist
CVE-2023-35147
2023-06-14 12:53:09
nvd
nvd
CVE-2023-35147
2023-06-14 13:15:12
prion
prion
Design/Logic Flaw
2023-06-14 13:15:00
cve
cve
CVE-2023-35147
2023-06-14 13:15:12
osv
osv
Arbitrary file read vulnerability in Jenkins AWS CodeCommit Trigger Plugin
2023-06-14 15:30:37
github
github
Arbitrary file read vulnerability in Jenkins AWS CodeCommit Trigger Plugin
2023-06-14 15:30:37
alpinelinux
alpinelinux
CVE-2023-35147
2023-06-14 13:15:12
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2023-06-14)
2023-06-16 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
45.5%
Related for VERACODE:41018