GHSA-pfg6-cj3j-rpv4, CVE-2023-41941
maven/org.jenkins-ci.plugins/aws-codecommit-trigger
Missing Authorization
A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins.
All versions up to 3.0.12
Unfortunately, there is no solution available yet.
2024-01-31
source |