CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27199
https://notcve.org/view.php?id=CVE-2022-27199
A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token. Una falta de comprobación de permisos en el Plugin CloudBees AWS Credentials de Jenkins versiones 189.v3551d5642995 y anteriores, permite a atacantes con permiso de Overall/Read conectarse a un servicio de AWS usando un token especificado por el atacante • http://www.openwall.com/lists/oss-security/2022/03/15/2 https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2351 • CWE-862: Missing Authorization •
CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-27198
https://notcve.org/view.php?id=CVE-2022-27198
A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en el plugin Jenkins CloudBees AWS Credentials versiones 189.v3551d5642995 y anteriores, permite a atacantes con permiso Overall/Read conectarse a un servicio de AWS usando un token especificado por el atacante • http://www.openwall.com/lists/oss-security/2022/03/15/2 https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2351 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20616
https://notcve.org/view.php?id=CVE-2022-20616
Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file. El plugin Jenkins Credentials Binding versiones 1.27 y anteriores, no lleva a cabo una comprobación de permisos en un método que implementa la comprobación de formularios, que permite a atacantes con acceso Overall/Read comprobar si un ID de credencial es referido a una credencial de archivo secreto y si es un archivo zip • http://www.openwall.com/lists/oss-security/2022/01/12/6 https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2342 • CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21648 – jenkins-2-plugins/credentials: Reflected XSS vulnerability in Credentials Plugin
https://notcve.org/view.php?id=CVE-2021-21648
Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability. Jenkins Credentials Plugin versiones 2.3.18 y anteriores, no escapa la información controlada por el usuario en una vista que la proporciona, resultando en una vulnerabilidad de tipo cross-site scripting (XSS) reflejado The reflected cross-site scripting (XSS) vulnerability was found in jenkins credentials plugin. On a `view it` there is no escape from provided by user information (user-controlled). • https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2349 https://access.redhat.com/security/cve/CVE-2021-21648 https://bugzilla.redhat.com/show_bug.cgi?id=1959545 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21625
https://notcve.org/view.php?id=CVE-2021-21625
Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances. Jenkins CloudBees AWS Credentials Plugin versiones 1.28 y anteriores, no lleva a cabo una comprobación de permisos en un método auxiliar para endpoints HTTP, permitiendo a atacantes con permiso Overall/Read enumerar los ID de credenciales de las credenciales de AWS almacenadas en Jenkins en algunas circunstancias • http://www.openwall.com/lists/oss-security/2021/03/18/5 https://www.jenkins.io/security/advisory/2021-03-18/#SECURITY-2032 • CWE-862: Missing Authorization •