CVE-2022-27198

Опубликовано: 15 мар. 2022

Источник: nvd

CVSS3: 8

CVSS2: 6

EPSS Низкий

Описание

A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.

Ссылки

http://www.openwall.com/lists/oss-security/2022/03/15/2
Mailing List
Third Party Advisory
https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2351
Vendor Advisory
http://www.openwall.com/lists/oss-security/2022/03/15/2
Mailing List
Third Party Advisory
https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2351
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:jenkins:cloudbees_aws_credentials:*:*:*:*:*:jenkins:*:*

Версия до 189.v3551d5642995 (включая)

cpe:2.3:a:jenkins:cloudbees_aws_credentials:*:*:*:*:*:jenkins:*:*

Версия от 1.28 (включая) до 1.28.2 (исключая)

cpe:2.3:a:jenkins:cloudbees_aws_credentials:1.32:*:*:*:*:jenkins:*:*

EPSS

Процентиль: 24%

0.00079

Низкий

8 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-pv4m-7c68-f4c5