CVE-2018-1000401Insufficiently Protected Credentials in Jenkins AWS Codepipeline

CWE-522Insufficiently Protected Credentials4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 98.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
17
Jenkins AWS CodepipelineJenkins AWS Codebuild PluginJenkins AWS Codedeploy Plugin+14 more
Timeline
PublishedJul 9
Latest updateMay 13

Description

Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.37 and later.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages17 packages

🔴Vulnerability Details

2
OSV
Jenkins AWS CodePipeline Plugin has Insufficiently Protected Credentials2022-05-13
GHSA
Jenkins AWS CodePipeline Plugin has Insufficiently Protected Credentials2022-05-13

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2018-06-252018-06-25