CSRF Vulnerability in Jenkins AWS CodeCommit Trigger Plugin from CloudBees
CVE-2023-41942

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Aws Codecommit Trigger Plugin
Vendor: CVE Published:; 6 September 2023

Summary

A vulnerability in the AWS CodeCommit Trigger Plugin for Jenkins allows attackers to exploit Cross-Site Request Forgery (CSRF) weaknesses. This vulnerability enables unauthorized users to clear messages from the Amazon SQS queue, potentially disrupting workflows and leading to data loss. Users of the affected plugin versions are strongly advised to apply patches and updates to safeguard their systems against possible exploitation.

Affected Version(s)

Jenkins AWS CodeCommit Trigger Plugin 0 <= 3.0.12

References

https://www.jenkins.io/security/advisory/2023-09-06/#SECU...

vendor-advisory

http://www.openwall.com/lists/oss-security/2023/09/06/9

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 6, 2023
Vulnerability Reserved
Sep 5, 2023