Design/Logic Flaw
Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-1003061
Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-1003061
CVE-2019-1003061 affects the Jenkins ecosystem via the jenkins-cloudformation-plugin, which stores credentials unencrypted in job config.xml files on the Jenkins master/controller. The root cause described across multiple connected records is that credentials are kept in plain text, enabling view...
PT-2019-11351 · Jenkins · Jenkins-Cloudformation-Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins jenkins-cloudformation-plugin Plugin (affected versions not specified). Description: The issue concerns the storage of credentials in an unencrypted manner in job config.xml files on the Jenkins master or controller. These credentials ca...
AWS Pwn - A Collection Of AWS Penetration Testing Junk
This is a collection of horribly written scripts for performing various tasks related to penetration testing AWS. Please don't be sad if it doesn't work for you. It might be that AWS has changed since a given tool was written or it might be that the code sux. Either way, please feel free to...
aws-cfn-bootstrap Local Code Execution
aws-cfn-bootstrap local code execution as root. The latest version of this advisory is available at: https://sintonen.fi/advisories/aws-cfn-bootstrap-local-code-execution-as-root.txt Overview: AWS EC2 instances deployed with the AWS...
Amazon Web Services CloudFormation bootstrap arbitrary code execution vulnerability
The Amazon Web Services AWS CloudFormation bootstrap tools package, also known as aws-cfn-bootstrap, is part of a suite of cloud computing services from Amazon.com, Inc. The CloudFormation bootstrap tools package is one of the cloud resource configuration toolkits. A security vulnerability exists in the...
Directory traversal
The Amazon Web Services AWS CloudFormation bootstrap tools package aka aws-cfn-bootstrap before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory...
CVE-2017-9450
The Amazon Web Services AWS CloudFormation bootstrap tools package aka aws-cfn-bootstrap before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory...
CVE-2017-9450
The CVE-2017-9450 issue affects the AWS CloudFormation bootstrap tools package (aws-cfn-bootstrap) prior to 1.4-19.10. The vulnerable component is the cfn-hup daemon, which an attacker with local access can abuse by writing a crafted file to escalate to root and execute arbitrary code, compromisi...
How to Protect AWS ECS with SecureSphere WAF
Adoption of container technology is growing widely. More and more workloads are being transferred from traditional EC2 compute instances to container-based services. However, the need for securing the web traffic remains the same regardless of the elected platform. In this post, we’ll deep dive...
Important: aws-cfn-bootstrap
Issue Overview: The default umask value is set to 022 to address a privilege escalation security vulnerability. Affected Packages: aws-cfn-bootstrap Issue Correction: Run yum update aws-cfn-bootstrap or yum update --advisory ALAS-2017-895 to update your system. 1. Run yum update aws-cfn-bootstrap...
Important: aws-cfn-bootstrap
Issue Overview: A new optional parameter "umask" was introduced into the cfn-hup.conf file in order to configure the cfn-hup daemon's umask. The Amazon Web Services AWS CloudFormation bootstrap tools package aka aws-cfn-bootstrap before 1.4-19.10 allows local users to execute arbitrary code with root...
How to Protect AWS API Gateway with SecureSphere WAF
Serverless architectures are becoming more and more popular, and Amazon’s API Gateway service is a key factor in many serverless deployments on AWS. Currently API Gateway only supports a public CloudFront endpoint, and securing the API Gateway with high-end WAF protection may seem like a difficul...
Amazon Linux AMI : aws-cfn-bootstrap (ALAS-2017-866)
A vulnerability was reported in the CloudFormation bootstrap tools, where default behavior in the handling of cfn-init metadata can provide escalated privileges to an attacker with local access to the system. © Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
Important: aws-cfn-bootstrap
Issue Overview: A vulnerability was reported in the CloudFormation bootstrap tools, different from the one in CVE-2017-9450, where default behavior in the handling of cfn-init metadata can provide escalated privileges to an attacker with local access to the system. Affected Packages:...
Amazon Linux AMI : aws-cfn-bootstrap (ALAS-2017-861)
A vulnerability was reported in the CloudFormation bootstrap tools that allows an attacker to execute arbitrary code as root if they have local access to the system and are able to create files in a specific directory (CVE-2017-9450). © Tenable Network Security, Inc. The descriptive text and package...