Jenkins Amazon EC2 Plugin 1.47 Incorrect Default Permissions Vulnerability

Summary

Jenkins Amazon EC2 Plugin 1.47 suffers from an incorrect default permissions vulnerability.

Credit:

The information has been provided by the vendor.

The original article can be found at: https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1004


Details

A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.

 

Vulnerable Systems:

Jenkins Amazon EC2 Plugin 1.47

 

CVE Information:

CVE-2020-2091

 

Disclosure Timeline:

Published Date: 1/15/2020