Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qd3I5LWg0am0tYzljaM4AAn3G
Missing permission checks in Jenkins CloudBees AWS Credentials Plugin allows enumerating credentials IDs
CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints.
This allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins if any of the following plugins are installed:
- Amazon Elastic Container Service (ECS) / Fargate
- AWS Parameter Store Build Wrapper
- AWS SAM\n\nFurther plugins may use this helper method as well without performing a permission check themselves.
Credentials IDs obtained this way can be used as part of an attack to capture the credentials using another vulnerability.
CloudBees AWS Credentials Plugin 1.28.1 performs permission checks in the helper method for HTTP endpoints.
Permalink: https://github.com/advisories/GHSA-jwr9-h4jm-c9chJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qd3I5LWg0am0tYzljaM4AAn3G
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 5 months ago
CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-jwr9-h4jm-c9ch, CVE-2021-21625
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-21625
- https://www.jenkins.io/security/advisory/2021-03-18/#SECURITY-2032
- http://www.openwall.com/lists/oss-security/2021/03/18/5
- https://github.com/jenkinsci/aws-credentials-plugin/commit/dd477a071bd633d9118c63dc3f19a2fd0590aecb
- https://github.com/advisories/GHSA-jwr9-h4jm-c9ch
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.plugins:aws-credentials
Affected Version Ranges: <= 1.28Fixed in: 1.28.1