Amazon Ec2 Jenkins Amazon Ec2

Do you want an email whenever new security vulnerabilities are reported in Jenkins Amazon Ec2?

By the Year

In 2021 there have been 0 vulnerabilities in Jenkins Amazon Ec2 . Last year Amazon Ec2 had 6 security vulnerabilities published. Right now, Amazon Ec2 is on track to have less security vulnerabilities in 2021 than it did last year.

Year Vulnerabilities Average Score
2021 0 0.00
2020 6 6.12
2019 0 0.00
2018 0 0.00

It may take a day or so for new Amazon Ec2 vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Jenkins Amazon Ec2 Security Vulnerabilities

Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents

CVE-2020-2185 5.6 - Medium - May 06, 2020

Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks.

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier

CVE-2020-2186 4.3 - Medium - May 06, 2020

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances.

Session Riding

Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation

CVE-2020-2187 5.6 - Medium - May 06, 2020

Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks.

Improper Certificate Validation

A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods

CVE-2020-2188 4.3 - Medium - May 06, 2020

A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

AuthZ

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier

CVE-2020-2090 8.8 - High - January 15, 2020

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.

Session Riding

A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier

CVE-2020-2091 8.1 - High - January 15, 2020

A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.

Incorrect Default Permissions

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Jenkins Amazon Ec2 or by Jenkins? Click the Watch button to subscribe.

subscribe