CVE-2018-1000403

HIGH

Jenkins AWS CodeDeploy Plugin <1.19 - Credentials Disclosure

Title source: llm

Description

Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodeDeployPublisher.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 1.20 and later.

References (1)

[Vendor Advisory] https://jenkins.io/security/advisory/2018-06-25/#SECURITY-833

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 1.4%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (2)

jenkins/aws_codedeploy < 1.19

com.amazonaws/codedeploy < 1.20Maven

Timeline

Published Jul 09, 2018

Tracked Since Feb 18, 2026