PT-2022-18284 · Cloudbees+1 · Jenkins Cloudbees Aws Credentials Plugin+1

Published

2022-03-15

Updated

2023-11-22

CVE-2022-27198

CVSS v3.1

8.0

High

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Jenkins CloudBees AWS Credentials Plugin versions 189.v3551d5642995 and earlier

Description A cross-site request forgery issue allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.

Recommendations For Jenkins CloudBees AWS Credentials Plugin versions 189.v3551d5642995 and earlier, update to a version later than 189.v3551d5642995 to resolve the issue.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2022-27198

GHSA-PV4M-7C68-F4C5

Affected Products

Jenkins

Jenkins Cloudbees Aws Credentials Plugin

PT-2022-18284 · Cloudbees+1 · Jenkins Cloudbees Aws Credentials Plugin+1

CVE-2022-27198

Weakness Enumeration

Related Identifiers

Affected Products

References · 7