Description
Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains an Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in credentials disclosure. This attack appears to be exploitable via local file access. This vulnerability appears to have been fixed in 0.37 and later.
Remediation
References
https://jenkins.io/security/advisory/2018-06-25/#SECURITY-967
Related Vulnerabilities
CVE-2020-11969 Vulnerability in maven package org.apache.tomee:openejb-core
CVE-2016-8741 Vulnerability in maven package org.apache.qpid:qpid-broker-core
CVE-2021-21162 Vulnerability in maven package org.webjars.npm:electron
CVE-2013-2071 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2022-23181 Vulnerability in maven package org.apache.tomcat:tomcat