Lucene search

GitHub Advisory DatabaseGHSA-W7FV-7J46-WWRV

HistoryMay 24, 2022 - 4:51 p.m.

Jenkins Amazon EC2 Plugin leaked beginning of private key in system log

2022-05-2416:51:51

CWE-532

GitHub Advisory Database

github.com

jenkins

amazon ec2

private key

system log

security issue

plugin

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

12.6%

JSON

Jenkins Amazon EC2 Plugin printed a log message that contained the beginning of the private key to the Jenkins system log.

The log message no longer includes the beginning of the private key.

Affected configurations

Vulners

Node

org.jenkins-ci.pluginsec2Range≤1.43

VendorProductVersionCPE
org.jenkins-ci.pluginsec2*cpe:2.3:a:org.jenkins-ci.plugins:ec2:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
org.jenkins-ci.plugins	ec2	*	cpe:2.3:a:org.jenkins-ci.plugins:ec2::::::::

References

www.openwall.com/lists/oss-security/2019/07/31/1

github.com/advisories/GHSA-w7fv-7j46-wwrv

github.com/jenkinsci/ec2-plugin/commit/78c3c49a227ac8eccb8b1be7193d5605363fe251

jenkins.io/security/advisory/2019-07-31/#SECURITY-673

nvd.nist.gov/vuln/detail/CVE-2019-10364

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

12.6%

JSON

Related for GHSA-W7FV-7J46-WWRV