ID CVE-2022-27199
Summary A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.
References
Vulnerable Configurations
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:-:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:-:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.28.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.28.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.31.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.31.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.32:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.32:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:cloudbees_aws_credentials:189.v3551d5642995:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:cloudbees_aws_credentials:189.v3551d5642995:*:*:*:*:jenkins:*:*
CVSS
Base: 4.0 (as of 17-10-2022 - 19:21)
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:P/A:N
Last major update 17-10-2022 - 19:21
Published 15-03-2022 - 17:15
Last modified 17-10-2022 - 19:21
Back to Top