Lucene search
JenkinsCVELIST:CVE-2023-35147HistoryJun 14, 2023 - 12:53 p.m.
CVE-2023-35147
2023-06-1412:53:09
jenkins
www.cve.org
3
jenkins
aws
codecommit
trigger plugin
unauthorized access
files
security vulnerability
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system.
CNA Affected
[
{
"defaultStatus": "unknown",
"product": "Jenkins AWS CodeCommit Trigger Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "3.0.12",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
]Related
veracode
veracode
Arbitrary File Read
2023-06-26 10:19:50
cve
cve
CVE-2023-35147
2023-06-14 13:15:12
prion
prion
Design/Logic Flaw
2023-06-14 13:15:00
redhatcve
redhatcve
CVE-2023-35147
2023-07-04 05:17:28
nvd
nvd
CVE-2023-35147
2023-06-14 13:15:12
github
github
Arbitrary file read vulnerability in Jenkins AWS CodeCommit Trigger Plugin
2023-06-14 15:30:37
osv
osv
Arbitrary file read vulnerability in Jenkins AWS CodeCommit Trigger Plugin
2023-06-14 15:30:37
alpinelinux
alpinelinux
CVE-2023-35147
2023-06-14 13:15:12
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2023-06-14)
2023-06-16 00:00:00