CVE-2022-30957

2022-05-1715:15:09

Google

osv.dev

cve-2022-30957

jenkins

ssh plugin

permission check

attackers

credentials

enumeration

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

22.0%

JSON

A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

References

www.openwall.com/lists/oss-security/2022/05/17/8

www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2315