Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSClientFactory.java, CodeBuilder.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.27 and later.
References
| Link | Resource |
|---|---|
| https://jenkins.io/security/advisory/2018-06-25/#SECURITY-834 | Vendor Advisory |
| https://jenkins.io/security/advisory/2018-06-25/#SECURITY-834 | Vendor Advisory |
Configurations
History
21 Nov 2024, 03:39
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://jenkins.io/security/advisory/2018-06-25/#SECURITY-834 - Vendor Advisory |
Information
Published : 2018-07-09 13:29
Updated : 2024-11-21 03:39
NVD link : CVE-2018-1000404
Mitre link : CVE-2018-1000404
CVE.ORG link : CVE-2018-1000404
JSON object : View
Products Affected
jenkins
- aws_codebuild
CWE
CWE-522
Insufficiently Protected Credentials