GHSA-7v7g-mh53-89hw

GitHub Security Advisory

Missing permission check in Jenkins AWS Global Configuration Plugin allows replacing plugin configuration

✓ GitHub Reviewed MODERATE Has CVE

Jenkins AWS Global Configuration Plugin 1.5 and earlier does not perform a permission check in an HTTP endpoint processing form submissions.

This allows attackers with Overall/Read permission to replace the global AWS configuration.

Jenkins AWS Global Configuration Plugin 1.6 properly performs permission checks when processing configuration form submissions.

Maven io.jenkins.plugins:aws-global-configuration

Affected versions: 0 (fixed in 1.6)

CVE-2020-2311

GHSA ID

GHSA-7v7g-mh53-89hw

Published

May 24, 2022 5:33 PM

Last Modified

October 27, 2023 1:08 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

io.jenkins.plugins:aws-global-configuration

GitHub Reviewed

✓ Yes

Last updated: August 25, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.