CVE-2018-1000403

Опубликовано: 09 июл. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 2.1

EPSS Низкий

Описание

Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodeDeployPublisher.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 1.20 and later.

Ссылки

https://jenkins.io/security/advisory/2018-06-25/#SECURITY-833
Vendor Advisory
https://jenkins.io/security/advisory/2018-06-25/#SECURITY-833
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:aws_codedeploy:*:*:*:*:*:jenkins:*:*

Версия до 1.19 (включая)

EPSS

Процентиль: 1%

0.00012

Низкий

7.8 High

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-522

Связанные уязвимости

GHSA-h66p-m766-33fv