CVE-2018-1000404

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-1000404
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000404.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-1000404
Aliases
Published
2018-07-09T13:29:00Z
Modified
2024-10-12T03:01:31.615038Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSClientFactory.java, CodeBuilder.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.27 and later.

References

Affected packages

Git / github.com/jenkinsci/aws-codebuild-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/aws-codebuild-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

aws-codebuild-0.*

aws-codebuild-0.1
aws-codebuild-0.10
aws-codebuild-0.11
aws-codebuild-0.12
aws-codebuild-0.13
aws-codebuild-0.14
aws-codebuild-0.15
aws-codebuild-0.16
aws-codebuild-0.17
aws-codebuild-0.18
aws-codebuild-0.19
aws-codebuild-0.2
aws-codebuild-0.20
aws-codebuild-0.21
aws-codebuild-0.22
aws-codebuild-0.23
aws-codebuild-0.24
aws-codebuild-0.25
aws-codebuild-0.26
aws-codebuild-0.3
aws-codebuild-0.4
aws-codebuild-0.5
aws-codebuild-0.6
aws-codebuild-0.7
aws-codebuild-0.8
aws-codebuild-0.9