Description
Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains an Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in credentials disclosure. This attack appears to be exploitable via local file access. This vulnerability appears to have been fixed in 0.37 and later.
Remediation
References
https://jenkins.io/security/advisory/2018-06-25/#SECURITY-967
Related Vulnerabilities
CVE-2012-1574 Vulnerability in maven package org.apache.hadoop:hadoop-mapreduce-client-core
CVE-2022-45787 Vulnerability in maven package org.apache.james:apache-mime4j-storage
CVE-2018-11778 Vulnerability in maven package org.apache.ranger:ranger
CVE-2022-34206 Vulnerability in maven package org.jenkins-ci.plugins:jianliao
CVE-2020-5408 Vulnerability in maven package org.springframework.security:spring-security-core