vulnerability
Jenkins Advisory 2023-06-14: CVE-2023-35147: Arbitrary file read vulnerability in AWS CodeCommit Trigger Plugin
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:C/I:N/A:N) | Jun 15, 2023 | Jun 15, 2023 | Mar 27, 2026 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:C/I:N/A:N)
Published
Jun 15, 2023
Added
Jun 15, 2023
Modified
Mar 27, 2026
Description
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system.
Solutions
jenkins-lts-upgrade-2_401_1jenkins-upgrade-2_400
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.