Jenkins Aws Codecommit Trigger

Do you want an email whenever new security vulnerabilities are reported in Jenkins Aws Codecommit Trigger?

By the Year

In 2023 there have been 5 vulnerabilities in Jenkins Aws Codecommit Trigger with an average score of 5.5 out of ten. Aws Codecommit Trigger did not have any published security vulnerabilities last year. That is, 5 more vulnerabilities have already been reported in 2023 as compared to last year.

Year	Vulnerabilities	Average Score
2023	5	5.54
2022	0	0.00
2021	0	0.00
2020	0	0.00
2019	0	0.00
2018	0	0.00

It may take a day or so for new Aws Codecommit Trigger vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Jenkins Aws Codecommit Trigger Security Vulnerabilities

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL

CVE-2023-41944 6.1 - Medium - September 06, 2023

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability.

XSS

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint

CVE-2023-41943 6.5 - Medium - September 06, 2023

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue.

AuthZ

A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier

CVE-2023-41942 4.3 - Medium - September 06, 2023

A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue.

Session Riding

A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier

CVE-2023-41941 4.3 - Medium - September 06, 2023

A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins.

AuthZ

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint

CVE-2023-35147 6.5 - Medium - June 14, 2023

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system.

Incorrect Permission Assignment for Critical Resource

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Jenkins Aws Codecommit Trigger or by Jenkins? Click the Watch button to subscribe.

Jenkins
Vendor

Jenkins Aws Codecommit Trigger
Product

Jenkins Aws Codecommit Trigger

By the Year

Recent Jenkins Aws Codecommit Trigger Security Vulnerabilities

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL CVE-2023-41944 6.1 - Medium - September 06, 2023

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint CVE-2023-41943 6.5 - Medium - September 06, 2023

A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier CVE-2023-41942 4.3 - Medium - September 06, 2023

A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier CVE-2023-41941 4.3 - Medium - September 06, 2023

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint CVE-2023-35147 6.5 - Medium - June 14, 2023