Jenkins AWS CodePipeline Plugin has Insufficiently Protected Credentials
High severity
GitHub Reviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Jan 29, 2023
Description
Published by the National Vulnerability Database
Jul 9, 2018
Published to the GitHub Advisory Database
May 13, 2022
Reviewed
Nov 8, 2022
Last updated
Jan 29, 2023
Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.37 and later.
References