GHSA-jwr9-h4jm-c9ch

Source
https://github.com/advisories/GHSA-jwr9-h4jm-c9ch
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jwr9-h4jm-c9ch/GHSA-jwr9-h4jm-c9ch.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-jwr9-h4jm-c9ch
Aliases
  • CVE-2021-21625
Published
2022-05-24T17:44:48Z
Modified
2024-02-16T07:59:17.992892Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Missing permission checks in Jenkins CloudBees AWS Credentials Plugin allows enumerating credentials IDs
Details

CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints.

This allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins if any of the following plugins are installed:

Credentials IDs obtained this way can be used as part of an attack to capture the credentials using another vulnerability.

CloudBees AWS Credentials Plugin 1.28.1 performs permission checks in the helper method for HTTP endpoints.

Database specific
{
    "nvd_published_at": "2021-03-18T14:15:00Z",
    "cwe_ids": [
        "CWE-862"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-14T16:27:02Z"
}
References

Affected packages

Maven / org.jenkins-ci.plugins:aws-credentials

Package

Name
org.jenkins-ci.plugins:aws-credentials
Purl
pkg:maven/org.jenkins-ci.plugins/aws-credentials

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.28.1

Affected versions

1.*

1.8
1.9
1.10
1.11
1.11.1
1.12
1.13
1.14
1.15
1.16
1.17
1.18
1.19
1.20
1.21
1.22
1.23
1.24
1.25
1.26
1.27
1.28

Database specific

{
    "last_known_affected_version_range": "<= 1.28"
}