64 matches found

Prion
added 2019/04/04 4:29 p.m. · 13 views

Design/Logic Flaw

Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS: 4 · AI score: 8.6 · EPSS: 0.01423
Exploits: 0 · References: 3

NVD
added 2019/04/04 4:29 p.m. · 13 views

CVE-2019-1003061

Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS: 8.8 · AI score: 8.7 · EPSS: 0.01423
Exploits: 0 · References: 3

CVE
added 2019/04/04 3:38 p.m. · 63 views

CVE-2019-1003061

CVE-2019-1003061 affects the Jenkins ecosystem via the jenkins-cloudformation-plugin, which stores credentials unencrypted in job config.xml files on the Jenkins master/controller. The root cause described across multiple connected records is that credentials are kept in plain text, enabling view...

CVSS: 8.8 · AI score: 8.6 · EPSS: 0.01423
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2019/04/04 3:38 p.m. · 18 views

CVE-2019-1003061

Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

AI score: 8.7 · EPSS: 0.01423
Exploits: 0 · References: 3

Positive Technologies
added 2019/04/04 12:0 a.m. · 5 views

PT-2019-11351 · Jenkins · Jenkins-Cloudformation-Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins jenkins-cloudformation-plugin Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner in job config.xml files on the Jenkins master or controller. These credentials ca...

CVSS: 8.8 · AI score: 8.5 · EPSS: 0.01423
Exploits: 0 · References: 6

Kitploit
added 2018/04/15 1:32 p.m. · 19 views

AWS Pwn - A Collection Of AWS Penetration Testing Junk

This is a collection of horribly written scripts for performing various tasks related to penetration testing AWS. Please don't be sad if it doesn't work for you. It might be that AWS has changed since a given tool was written or it might be that the code sux. Either way, please feel free to...

AI score: 7.6
Exploits: 0 · References: 3

Packet Storm
added 2017/12/01 12:0 a.m. · 57 views

aws-cfn-bootstrap Local Code Execution

aws-cfn-bootstrap local code execution as root ============================================== The latest version of this advisory is available at: https://sintonen.fi/advisories/aws-cfn-bootstrap-local-code-execution-as-root.txt Overview -------- AWS EC2 instances deployed with the AWS...

CVSS: 7.2 · AI score: 7.7 · EPSS: 0.00376
Exploits: 2

CNVD
added 2017/11/02 12:0 a.m. · 6 views

Amazon Web Services CloudFormation bootstrap arbitrary code execution vulnerability

The Amazon Web Services AWS CloudFormation bootstrap tools package also known as aws-cfn-bootstrap is a suite of cloud computing services from Amazon.com, Inc. The CloudFormation bootstrap tools package is one of the cloud resource configuration toolkits. A security vulnerability exists in the...

CVSS: 7.8 · AI score: 7.7 · EPSS: 0.00376
Exploits: 2 · References: 1

Prion
added 2017/10/30 2:29 p.m. · 18 views

Directory traversal

The Amazon Web Services AWS CloudFormation bootstrap tools package aka aws-cfn-bootstrap before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory...

CVSS: 7.2 · AI score: 7.7 · EPSS: 0.00376
Exploits: 2 · References: 3 · Affected Software: 1

NVD
added 2017/10/30 2:29 p.m. · 23 views

CVE-2017-9450

The Amazon Web Services AWS CloudFormation bootstrap tools package aka aws-cfn-bootstrap before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory...

CVSS: 7.8 · AI score: 7.8 · EPSS: 0.00376
Exploits: 2 · References: 3

OSV
added 2017/10/30 2:29 p.m. · 5 views

CVE-2017-9450

The Amazon Web Services AWS CloudFormation bootstrap tools package aka aws-cfn-bootstrap before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory...

CVSS: 7.8 · AI score: 6.1 · EPSS: 0.00376
Exploits: 2 · References: 3

CVE
added 2017/10/30 2:0 p.m. · 64 views

CVE-2017-9450

The CVE-2017-9450 issue affects the AWS CloudFormation bootstrap tools package (aws-cfn-bootstrap) prior to 1.4-19.10. The vulnerable component is the cfn-hup daemon, which an attacker with local access can abuse by writing a crafted file to escalate to root and execute arbitrary code, compromisi...

CVSS: 7.8 · AI score: 7.7 · EPSS: 0.00376
Exploits: 2 · References: 3 · Affected Software: 1

Cvelist
added 2017/10/30 2:0 p.m. · 20 views

CVE-2017-9450

The Amazon Web Services AWS CloudFormation bootstrap tools package aka aws-cfn-bootstrap before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory...

AI score: 7.8 · EPSS: 0.00376
Exploits: 2 · References: 3

Imperva Blog
added 2017/10/09 3:30 p.m. · 48 views

How to Protect AWS ECS with SecureSphere WAF

Adoption of container technology is growing widely. More and more workloads are being transferred from traditional EC2 compute instances to container-based services. However, the need for securing the web traffic remains the same regardless of the elected platform. In this post, we’ll deep dive...

AI score: 6.8
Exploits: 0

Amazon
added 2017/09/14 12:0 a.m. · 35 views

Important: aws-cfn-bootstrap

Issue Overview: The default umask value is set to 022 to address a privilege escalation security vulnerability. Affected Packages: aws-cfn-bootstrap Issue Correction: Run yum update aws-cfn-bootstrap or yum update --advisory ALAS-2017-895 to update your system. 1. Run yum update aws-cfn-bootstrap...

AI score: 7.3
Exploits: 0

Amazon
added 2017/08/31 12:0 a.m. · 31 views

Important: aws-cfn-bootstrap

Issue Overview: New optional parameter "umask" introduced into cfn-hup.conf file in order to configure the cfn-hup daemon's umask. The Amazon Web Services AWS CloudFormation bootstrap tools package aka aws-cfn-bootstrap before 1.4-19.10 allows local users to execute arbitrary code with root...

CVSS: 7.8 · AI score: 8 · EPSS: 0.00376
Exploits: 2

Imperva Blog
added 2017/08/15 3:30 p.m. · 151 views

How to Protect AWS API Gateway with SecureSphere WAF

Serverless architectures are becoming more and more popular, and Amazon’s API Gateway service is a key factor in many serverless deployments on AWS. Currently API Gateway only supports a public CloudFront endpoint, and securing the API Gateway with high-end WAF protection may seem like a difficul...

AI score: 6.9
Exploits: 0

Tenable Nessus
added 2017/08/07 12:0 a.m. · 96 views

Amazon Linux AMI : aws-cfn-bootstrap (ALAS-2017-866)

A vulnerability was reported in the CloudFormation bootstrap tools, where default behavior in the handling of cfn-init metadata can provide escalated privileges to an attacker with local access to the system (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

AI score: 5.5
Exploits: 0 · References: 2

Amazon
added 2017/08/03 12:0 a.m. · 53 views

Important: aws-cfn-bootstrap

Issue Overview: A vulnerability was reported in the CloudFormation bootstrap tools, different from the one in CVE-2017-9450, where default behavior in the handling of cfn-init metadata can provide escalated privileges to an attacker with local access to the system Affected Packages:...

CVSS: 7.8 · AI score: 7.7 · EPSS: 0.00376
Exploits: 2

Tenable Nessus
added 2017/07/26 12:0 a.m. · 32 views

Amazon Linux AMI : aws-cfn-bootstrap (ALAS-2017-861)

A vulnerability was reported in the CloudFormation bootstrap tools that allows an attacker to execute arbitrary code as root if they have local access to the system and are able to create files in a specific directory CVE-2017-9450 (C) Tenable Network Security, Inc. The descriptive text and package...

CVSS: 7.8 · AI score: 7.8 · EPSS: 0.00376
Exploits: 2 · References: 2