GHSA-5gwq-4275-q4qc

Source
https://github.com/advisories/GHSA-5gwq-4275-q4qc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5gwq-4275-q4qc/GHSA-5gwq-4275-q4qc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-5gwq-4275-q4qc
Aliases
Published
2022-05-13T01:48:37Z
Modified
2023-11-08T03:59:37.849942Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Jenkins AWS CodePipeline Plugin has Insufficiently Protected Credentials
Details

Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains an Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials Disclosure. This attack appears to be exploitable via local file access. This vulnerability appears to have been fixed in 0.37 and later.

Database specific
{
    "nvd_published_at": "2018-07-09T13:29:00Z",
    "github_reviewed_at": "2022-11-08T12:51:29Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-522"
    ]
}
References

Affected packages

Maven / com.amazonaws:aws-codepipeline

Package

Name
com.amazonaws:aws-codepipeline
Purl
pkg:maven/com.amazonaws/aws-codepipeline

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.37

Affected versions

0.*

0.9
0.10
0.11
0.12
0.13
0.14
0.15
0.16
0.17
0.19
0.20
0.21
0.22
0.23
0.26
0.27
0.28
0.29
0.31
0.32
0.33
0.34
0.35
0.36