GHSA-whgj-6m78-2gg9, CVE-2023-35147
maven/org.jenkins-ci.plugins/aws-codecommit-trigger
Incorrect Permission Assignment for Critical Resource
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system.
All versions up to 3.0.12
Unfortunately, there is no solution available yet.
2024-01-31
source |