Lucene search

K
cvelistJenkinsCVELIST:CVE-2022-20620
HistoryJan 12, 2022 - 7:05 p.m.

CVE-2022-20620

2022-01-1219:05:58
jenkins
www.cve.org

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.

CNA Affected

[
  {
    "product": "Jenkins SSH Agent Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "1.23",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "1.22.1"
      }
    ]
  }
]

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

Related for CVELIST:CVE-2022-20620