GHSA-r428-g373-m2h4, CVE-2023-41943
maven/org.jenkins-ci.plugins/aws-codecommit-trigger
Missing Authorization
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue.
All versions up to 3.0.12
Unfortunately, there is no solution available yet.
2024-01-31
source |