CVE-2023-41942: 
Java vulnerability analysis and mitigation

A cross-site request forgery (CSRF) vulnerability has been identified in Jenkins AWS CodeCommit Trigger Plugin versions 3.0.12 and earlier. This vulnerability was discovered and reported by Kevin Guerroudj from CloudBees, Inc. The issue was publicly disclosed on September 6, 2023, and was assigned CVE-2023-41942 (Jenkins Advisory, NVD).

The vulnerability stems from an HTTP endpoint in the AWS CodeCommit Trigger Plugin that does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability. The issue has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (NVD).

When successfully exploited, this vulnerability allows attackers to clear the SQS queue. The vulnerability is particularly concerning as it affects all versions of the AWS CodeCommit Trigger Plugin up to and including version 3.0.12 (Jenkins Advisory).

As of the advisory publication date, no fix is available for this vulnerability. Jenkins has publicly announced this issue to alert users of the security risk (Jenkins Advisory).