CVE-2023-41944
https://notcve.org/view.php?id=CVE-2023-41944
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability. • http://www.openwall.com/lists/oss-security/2023/09/06/9 https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3102 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-41943
https://notcve.org/view.php?id=CVE-2023-41943
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue. • http://www.openwall.com/lists/oss-security/2023/09/06/9 https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3101%20(2) • CWE-862: Missing Authorization •
CVE-2023-41942
https://notcve.org/view.php?id=CVE-2023-41942
A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue. • http://www.openwall.com/lists/oss-security/2023/09/06/9 https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3101%20(2) • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-41941
https://notcve.org/view.php?id=CVE-2023-41941
A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2023/09/06/9 https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3101%20(1) • CWE-862: Missing Authorization •
CVE-2023-41940
https://notcve.org/view.php?id=CVE-2023-41940
Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control TAP file contents. • http://www.openwall.com/lists/oss-security/2023/09/06/9 https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3190 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •