jenkins amazon ec2 vulnerabilities and exploits

(subscribe to this query)

4.3

CVSSv2

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and previous versions allows malicious users to provision instances.

Jenkins Amazon Ec2

6.8

CVSSv2

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and previous versions allows malicious users to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.

Jenkins Amazon Ec2

5.5

CVSSv2

A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.

Jenkins Amazon Ec2

6.8

CVSSv2

Jenkins Amazon EC2 Plugin 1.50.1 and previous versions does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks.

Jenkins Amazon Ec2

6.8

CVSSv2

Jenkins Amazon EC2 Plugin 1.50.1 and previous versions unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks.

Jenkins Amazon Ec2

4

CVSSv2

A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and previous versions in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

Jenkins Amazon Ec2

2.1

CVSSv2

Jenkins Amazon EC2 Plugin 1.43 and previous versions wrote the beginning of private keys to the Jenkins system log.

Jenkins Ec2

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook