CVE-2023-35147

Posted on by admin

CVE-2023-35147

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system.

Source: CVE-2023-35147

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다