GHSA-mwg7-69hf-vqh3

Source

https://github.com/advisories/GHSA-mwg7-69hf-vqh3

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mwg7-69hf-vqh3/GHSA-mwg7-69hf-vqh3.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-mwg7-69hf-vqh3

Aliases

CVE-2018-1000404

Published

2022-05-13T01:48:36Z

Modified

2023-11-08T03:59:38.034007Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Insufficiently Protected Credentials in Jenkins AWS CodeBuild Plugin

Details

Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSClientFactory.java, CodeBuilder.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.27 and later.

Database specific

{
    "nvd_published_at": "2018-07-09T13:29:00Z",
    "github_reviewed_at": "2022-11-08T12:47:51Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-522"
    ]
}

References

Affected packages

Maven / com.amazonaws:aws-codebuild

Package

Name: com.amazonaws:aws-codebuild; View open source insights on deps.dev
Purl: pkg:maven/com.amazonaws/aws-codebuild

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.27

Affected versions

0.*

0.5

0.6

0.7

0.8

0.9

0.10

0.11

0.12

0.13

0.14

0.15

0.16

0.17

0.18

0.19

0.20

0.21

0.22

0.23

0.24

0.25

0.26