PT-2018-9398 · Jenkins · Jenkins Aws Codebuild Plugin+1

Viktor Gazdag

Publicado

2018-07-09

Atualizado

2022-05-13

CVE-2018-1000404

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Jenkins AWS CodeBuild Plugin versions 0.26 and earlier

Description The issue is related to insufficiently protected credentials in the AWSClientFactory.java and CodeBuilder.java files, which can lead to credentials disclosure. This can be exploited via local file access.

Recommendations For Jenkins AWS CodeBuild Plugin versions 0.26 and earlier, update to version 0.27 or later to resolve the issue.

Correção

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522

Identificadores relacionados

CVE-2018-1000404

GHSA-MWG7-69HF-VQH3

Produtos afetados

Jenkins

Jenkins Aws Codebuild Plugin

PT-2018-9398 · Jenkins · Jenkins Aws Codebuild Plugin+1

CVE-2018-1000404

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5