CVE-2020-2091

Summary

A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Amazon EC2 Pluginunspecified <= 1.47affected
Jenkins projectJenkins Amazon EC2 Plugin1.46.2 < unspecifiedunaffected
Jenkins projectJenkins Amazon EC2 Plugin1.42.2 < unspecifiedunaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References