Missing permission checks in AWS Credentials Plugin
Moderate severity
GitHub Reviewed
Published
Mar 16, 2022
to the GitHub Advisory Database
•
Updated Jan 30, 2024
Package
Affected versions
<= 189.v3551d5642995
Patched versions
191.vcb_f183ce58b_9
Description
Published by the National Vulnerability Database
Mar 15, 2022
Published to the GitHub Advisory Database
Mar 16, 2022
Reviewed
Jan 30, 2024
Last updated
Jan 30, 2024
A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.
References