← back
CVE-2023-35147

CVE-2023-35147

CVSS 6.5 MEDIUMEPSS 0.6%CWE-732
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
14 Jun 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
Jenkins Project · Jenkins AWS CodeCommit Trigger Plugin

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3099http://www.openwall.com/lists/oss-security/2023/06/14/5