CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability.
• http://www.openwall.com/lists/oss-security/2023/09/06/9
• https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3102
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue.
• http://www.openwall.com/lists/oss-security/2023/09/06/9
• https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3101%20(2)
• CWE-862: Missing Authorization

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue.
• http://www.openwall.com/lists/oss-security/2023/09/06/9
• https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3101%20(2)
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins.
• http://www.openwall.com/lists/oss-security/2023/09/06/9
• https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3101%20(1)
• CWE-862: Missing Authorization

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system.
• http://www.openwall.com/lists/oss-security/2023/06/14/5
• https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3099
• CWE-732: Incorrect Permission Assignment for Critical Resource