Jenkins vulns

2025-08-04 08:44:25 +00:00 · 2018-07-08 15:54:01 -06:00 · 2018-07-08 15:54:01 -06:00 · 9304fd14d9
commit 9304fd14d9
parent 04f1f341cf
4 changed files with 4 additions and 76 deletions
--- a/2018/1000xxx/CVE-2018-1000401.json
+++ b/2018/1000xxx/CVE-2018-1000401.json
@ -1,19 +1 @@
-{
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "DATE_ASSIGNED" : "2018-06-20",
-      "ID" : "CVE-2018-1000401",
-      "STATE" : "RESERVED"
-   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
-         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
-         }
-      ]
-   }
-}
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-967"}]},"description": {"description_data": [{"lang": "eng","value": "Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.37 and later."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "0.36 and earlier"}]},"product_name": "Jenkins AWS CodePipeline Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-07-08T15:52:41.205440","DATE_REQUESTED": "2018-06-19T05:27:24","ID": "CVE-2018-1000401","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Insufficiently Protected Credentials"}]}]}}
--- a/2018/1000xxx/CVE-2018-1000402.json
+++ b/2018/1000xxx/CVE-2018-1000402.json
@ -1,19 +1 @@
-{
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "DATE_ASSIGNED" : "2018-06-20",
-      "ID" : "CVE-2018-1000402",
-      "STATE" : "RESERVED"
-   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
-         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
-         }
-      ]
-   }
-}
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-825"}]},"description": {"description_data": [{"lang": "eng","value": "Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a File and Directory Information Exposure vulnerability in AWSCodeDeployPublisher.java that can result in Disclosure of environment variables. This vulnerability appears to have been fixed in 1.20 and later."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.19 and earlier"}]},"product_name": "Jenkins AWS CodeDeploy Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-07-08T15:52:41.206611","DATE_REQUESTED": "2018-06-19T05:28:58","ID": "CVE-2018-1000402","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "File and Directory Information Exposure"}]}]}}
--- a/2018/1000xxx/CVE-2018-1000403.json
+++ b/2018/1000xxx/CVE-2018-1000403.json
@ -1,19 +1 @@
-{
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "DATE_ASSIGNED" : "2018-06-20",
-      "ID" : "CVE-2018-1000403",
-      "STATE" : "RESERVED"
-   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
-         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
-         }
-      ]
-   }
-}
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-833"}]},"description": {"description_data": [{"lang": "eng","value": "Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodeDeployPublisher.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 1.20 and later."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.19 and earlier"}]},"product_name": "Jenkins AWS CodeDeploy Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-07-08T15:52:41.207877","DATE_REQUESTED": "2018-06-19T05:29:58","ID": "CVE-2018-1000403","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Insufficiently Protected Credentials"}]}]}}
--- a/2018/1000xxx/CVE-2018-1000404.json
+++ b/2018/1000xxx/CVE-2018-1000404.json
@ -1,19 +1 @@
-{
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "DATE_ASSIGNED" : "2018-06-22",
-      "ID" : "CVE-2018-1000404",
-      "STATE" : "RESERVED"
-   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
-         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
-         }
-      ]
-   }
-}
+{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-06-25/#SECURITY-834"}]},"description": {"description_data": [{"lang": "eng","value": "Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSClientFactory.java, CodeBuilder.java that can result in Credentials Disclosure. This attack appear to be exploitable via local file access. This vulnerability appears to have been fixed in 0.27 and later."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "0.26 and earlier"}]},"product_name": "Jenkins AWS CodeBuild Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-07-08T15:52:41.209111","DATE_REQUESTED": "2018-06-20T18:05:10","ID": "CVE-2018-1000404","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Insufficiently Protected Credentials"}]}]}}