CVE-2023-35147
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Jun 14, 2023
Updated: Dec 31, 2024
CWE ID 732
Summary
CVE-2023-35147 is a vulnerability in the Jenkins AWS CodeCommit Trigger Plugin, version 3.0.12 and earlier. The plugin does not restrict the AWS SQS queue name path parameter of an HTTP endpoint, so attackers with Item/Read permission can use that endpoint to obtain the contents of arbitrary files on the Jenkins controller file system. This vulnerability can lead to serious data breaches and should be addressed promptly by updating the plugin to a patched version.