Vulnerability Details CVE-2018-1000402
Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a File and Directory Information Exposure vulnerability in AWSCodeDeployPublisher.java that can result in Disclosure of environment variables. This vulnerability appears to have been fixed in 1.20 and later.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.9%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 5.0
References
Products affected by CVE-2018-1000402
-
cpe:2.3:a:jenkins:aws_codedeploy:1.0
-
cpe:2.3:a:jenkins:aws_codedeploy:1.1
-
cpe:2.3:a:jenkins:aws_codedeploy:1.10
-
cpe:2.3:a:jenkins:aws_codedeploy:1.11
-
cpe:2.3:a:jenkins:aws_codedeploy:1.12
-
cpe:2.3:a:jenkins:aws_codedeploy:1.13
-
cpe:2.3:a:jenkins:aws_codedeploy:1.14
-
cpe:2.3:a:jenkins:aws_codedeploy:1.15
-
cpe:2.3:a:jenkins:aws_codedeploy:1.17
-
cpe:2.3:a:jenkins:aws_codedeploy:1.18
-
cpe:2.3:a:jenkins:aws_codedeploy:1.19
-
cpe:2.3:a:jenkins:aws_codedeploy:1.2
-
cpe:2.3:a:jenkins:aws_codedeploy:1.3
-
cpe:2.3:a:jenkins:aws_codedeploy:1.4
-
cpe:2.3:a:jenkins:aws_codedeploy:1.5
-
cpe:2.3:a:jenkins:aws_codedeploy:1.6
-
cpe:2.3:a:jenkins:aws_codedeploy:1.7
-
cpe:2.3:a:jenkins:aws_codedeploy:1.8
-
cpe:2.3:a:jenkins:aws_codedeploy:1.9