PT-2018-9395 · Jenkins · Jenkins Aws Codepipeline Plugin+1

Viktor Gazdag

Publicado

2018-07-09

Atualizado

2022-05-13

CVE-2018-1000401

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Jenkins AWS CodePipeline Plugin versions 0.36 and earlier

Description The issue is related to insufficiently protected credentials in the AWSCodePipelineSCM.java file, which can lead to credentials disclosure. This can be exploited via local file access.

Recommendations For Jenkins AWS CodePipeline Plugin versions 0.36 and earlier, update to version 0.37 or later to resolve the issue.

Correção

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522

Identificadores relacionados

CVE-2018-1000401

GHSA-5GWQ-4275-Q4QC

Produtos afetados

Jenkins

Jenkins Aws Codepipeline Plugin

PT-2018-9395 · Jenkins · Jenkins Aws Codepipeline Plugin+1

CVE-2018-1000401

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5