GHSA-w6hw-57jq-h7f5
GitHub Security Advisory
CSRF vulnerability in Amazon EC2 Plugin
✓ GitHub Reviewed
LOW
Has CVE
Advisory Details
Amazon EC2 Plugin 1.50.1 and earlier does not require POST requests in several HTTP endpoints, resulting in cross-site request forgery (CSRF) vulnerabilities. This allows an attacker to provision instances with an attacker-specified template ID.
Amazon EC2 Plugin 1.50.2 now requires POST requests for the affected HTTP endpoints.
Affected Packages
Maven
org.jenkins-ci.plugins:ec2
Affected versions:
0
(fixed in 1.50.2)
Related CVEs
Key Information
2.5
/10
Dataset
Last updated: July 3, 2025 6:26 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.