org.jenkins-ci.plugins:ec2
Maven
8 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.jenkins-ci.plugins:ec2
- CVE-2017-1000502 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 1.38 | 2018-01-24
vulnerable: 1.11 ... 1.37 (27 versions)
Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents n…
- CVE-2019-10364 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 1.44 | 2019-07-31
vulnerable: 1.11 ... 1.43 (37 versions)
Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log.
- CVE-2020-2090 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 1.48 | 2020-01-15
vulnerable: 1.11 ... 1.47 (46 versions)
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another metho…
- CVE-2020-2091 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 1.48 | 2020-01-15
vulnerable: 1.11 ... 1.47 (46 versions)
A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through …
- CVE-2020-2185 | MEDIUM | CVSS 5.6 | EG 5.6 | ✓ Fixed in 1.50.2 | 2020-05-06
vulnerable: 1.11 ... 1.50.1 (53 versions)
Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks.
- CVE-2020-2186 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 1.50.2 | 2020-05-06
vulnerable: 1.11 ... 1.50.1 (53 versions)
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances.
- CVE-2020-2187 | MEDIUM | CVSS 5.6 | EG 5.6 | ✓ Fixed in 1.50.2 | 2020-05-06
vulnerable: 1.11 ... 1.50.1 (53 versions)
Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks.
- CVE-2020-2188 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 1.50.2 | 2020-05-06
vulnerable: 1.11 ... 1.50.1 (53 versions)
A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.