Jenkins Amazon EC2 Plugin 1.47 Incorrect Default Permissions Vulnerability
Jenkins Amazon EC2 Plugin 1.47 suffers from incorrect default permissions vulnerability
The information has been provided by Vendor
The original article can be found at:https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1004
A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.
Jenkins Amazon EC2 Plugin 1.47