CVE-2020-2091
N/A
N/A
Summary
A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Jenkins project | Jenkins Amazon EC2 Plugin | unspecified <= 1.47 | affected |
| Jenkins project | Jenkins Amazon EC2 Plugin | 1.46.2 < unspecified | unaffected |
| Jenkins project | Jenkins Amazon EC2 Plugin | 1.42.2 < unspecified | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.