You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
CSRF vulnerability in Amazon EC2 Plugin
Low severity
GitHub Reviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Dec 20, 2023
Amazon EC2 Plugin 1.50.1 and earlier does not require POST requests in several HTTP endpoints, resulting in cross-site request forgery (CSRF) vulnerabilities. This allows an attacker to provision instances with an attacker-specified template ID.
Amazon EC2 Plugin 1.50.2 now requires POST requests for the affected HTTP endpoints.
Amazon EC2 Plugin 1.50.1 and earlier does not require POST requests in several HTTP endpoints, resulting in cross-site request forgery (CSRF) vulnerabilities. This allows an attacker to provision instances with an attacker-specified template ID.
Amazon EC2 Plugin 1.50.2 now requires POST requests for the affected HTTP endpoints.
References