org.jenkins-ci.plugins:ec2 (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.jenkins-ci.plugins:ec2, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2017-1000502 — CVSS 8.8 (high): Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell…
CVE-2020-2090 — CVSS 8.8 (high): A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an…
CVE-2020-2091 — CVSS 8.1 (high): A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an…
CVE-2020-2185 — CVSS 5.6 (medium): Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks.
CVE-2020-2187 — CVSS 5.6 (medium): Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation…
CVE-2019-10364 — CVSS 5.5 (medium): Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log.
CVE-2020-2186 — CVSS 4.3 (medium): A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances.
CVE-2020-2188 — CVSS 4.3 (medium): A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access…