Vulnerabilities (CVE)

Filtered by vendor Jenkins Subscribe

Filtered by product Amazon Ec2

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 4 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-2188	1 Jenkins	1 Amazon Ec2	2020-05-11	4.0 MEDIUM	4.3 MEDIUM
A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
CVE-2020-2187	1 Jenkins	1 Amazon Ec2	2020-05-11	6.8 MEDIUM	5.6 MEDIUM
Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks.
CVE-2020-2185	1 Jenkins	1 Amazon Ec2	2020-05-11	6.8 MEDIUM	5.6 MEDIUM
Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks.
CVE-2020-2186	1 Jenkins	1 Amazon Ec2	2020-05-08	4.3 MEDIUM	4.3 MEDIUM
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances.