CVE-2023-41941 : A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and e

A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins.

Published 2023-09-06 13:15:11

Updated 2023-09-11 18:44:45

Source Jenkins Project

View at NVD, CVE.org

Products affected by CVE-2023-41941

Jenkins » Aws Codecommit Trigger » For Jenkins
Versions up to, including, (<=) 3.0.12
cpe:2.3:a:jenkins:aws_codecommit_trigger:*:*:*:*:*:jenkins:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-41941

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 16 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-41941

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	2.8	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2023-41941

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-41941

https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3101%20(1)

Jenkins Security Advisory 2023-09-06
Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/09/06/9

oss-security - Multiple vulnerabilities in Jenkins plugins
Mailing List;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-41941

Products affected by CVE-2023-41941

Exploit prediction scoring system (EPSS) score for CVE-2023-41941

CVSS scores for CVE-2023-41941

CWE ids for CVE-2023-41941

References for CVE-2023-41941