ID CVE-2022-27199
Summary A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.
References
Vulnerable Configurations
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:-:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:-:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.8:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.9:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.9:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.10:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.10:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.11:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.11:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.11.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.11.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.12:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.12:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.13:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.13:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.14:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.14:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.15:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.15:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.16:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.16:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.17:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.17:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.18:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.18:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.19:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.19:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.20:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.20:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.21:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.21:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.22:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.22:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.23:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.23:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.24:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.24:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.25:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.25:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.26:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.26:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.27:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.27:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.28:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.28:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.28.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.28.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.28.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.28.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.29:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.29:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.30:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.30:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.31:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.31:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.31.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.31.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.32:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.32:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.32.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.32.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.33:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.33:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:189.v3551d5642995:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:189.v3551d5642995:*:*:*:*:jenkins:*:*
CVSS
Base: 4.0 (as of 25-10-2023 - 18:16)
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:P/A:N
Last major update 25-10-2023 - 18:16
Published 15-03-2022 - 17:15
Last modified 25-10-2023 - 18:16
Back to Top