Insufficiently Protected Credentials Vulnerability in Jenkins AWS CodeDeploy Plugin
CVE-2018-1000403

7.8HIGH

Key Information:

Vendor: Jenkins
Status: Aws Codedeploy
Vendor: CVE Published:; 9 July 2018

What is CVE-2018-1000403?

The Jenkins AWS CodeDeploy Plugin prior to version 1.20 contains a vulnerability in the AWSCodeDeployPublisher.java that leads to insufficiently protected credentials. This flaw enables potential credential disclosure through local file access, posing a risk to sensitive information. Users are advised to upgrade to version 1.20 or later to mitigate this security issue.

References

https://jenkins.io/security/advisory/2018-06-25/#SECURITY...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2018
Vulnerability Reserved
Jun 19, 2018