CVE-2020-2185: Amazon vulnerability

May 10, 2020 0

Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks. References jenkins.io/security/advisory/2020-05-06/#SECURITY-381 www.openwall.com/lists/oss-security/2020/05/06/3

CVE-2020-1760: Amazon vulnerability

April 24, 2020 0

A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper Read more

CVE-2020-5856: Amazon vulnerability

April 8, 2020 0

On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specifically crafted traffic using the default ‘xnet’ driver, Virtual Edition instances hosted in Amazon Web Services (AWS) may experience a TMM restart. References support.f5.com/csp/article/K00025388

CVE-2020-2091: Amazon vulnerability

April 8, 2020 0

A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method. Read more

CVE-2020-2090: Amazon vulnerability

April 8, 2020 0

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method. References jenkins.io/security/advisory/2020-01-15/#SECURITY-1004 Read more

1 2 3