Bump org.jenkins-ci.plugins:aws-credentials from 189.v3551d5642995 to 231.v08a_59f17d742

[dependabot]

Bumps org.jenkins-ci.plugins:aws-credentials from 189.v3551d5642995 to 231.v08a_59f17d742.

Release notes

Sourced from org.jenkins-ci.plugins:aws-credentials's releases.

231.v08a_59f17d742

👷 Changes for plugin developers

• Silence warnings for fields with no getters (#238) @​rsandell

✍ Other changes

• Test with Java 21 (#230) @​MarkEWaite

218.v1b_e9466ec5da_

👷 Changes for plugin developers

• Refresh plugin for August 2023 (#229) @​basil

📝 Documentation updates

• Even though this plugin was initially open-sourced from CloudBees work, it shouldn't be branded as CloudBees. (#127) @​Vlatombe

👻 Maintenance

• chore: use jenkins infra maven cd reusable workflow (#150) @​jetersen
• Replacing JSR-305 javax.annotations with Spotbugs (#193) @​aneveux
• Increase spotbugs checks and fix redundant interface declaration (#189) @​aneveux
• Updating parent pom and bom (#188) @​aneveux

📦 Dependency updates

• Bump jenkins-infra/interesting-category-action from 1.0.0 to 1.2.1 (#178) @​dependabot
• Bump jenkins-infra/verify-ci-status-action from 1.2.0 to 1.2.2 (#176) @​dependabot
• Bump git-changelist-maven-extension from 1.3 to 1.6 (#198) @​dependabot
• Bump actions/checkout from 2.4.0 to 3.3.0 (#190) @​dependabot
• Bump jenkins-infra/jenkins-maven-cd-action from 1.2.0 to 1.3.3 (#195) @​dependabot
• Bump actions/setup-java from 2.5.0 to 3.10.0 (#196) @​dependabot

191.vcb_f183ce58b_9

🐛 Bug fixes

• [SECURITY-2351] CVE-2022-27198 (CSRF), CVE-2022-27199 (permission check)

CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier does not perform a permission check in a method implementing form validation. Additionally, this form validation method does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)