Lucene search
K

87 matches found

Positive Technologies
Positive Technologies
added 2022/05/17 12:0 a.m.4 views

PT-2022-20413 · Jenkins · Jenkins Ssh Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins SSH Plugin versions 2.6.1 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another metho...

8.8CVSS8.6AI score0.00625EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/05/14 2:3 a.m.23 views

Ansible uses a socket with predictable filename in /tmp

runner/connectionplugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/...

1.9CVSS7.1AI score0.00339EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/05/13 1:41 a.m.16 views

GHSA-5GMF-8GH2-HHFP Jenkins SSH Plugin user passwords for encrypted SSH keys stored in plaintext

The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file...

9.8CVSS9.4AI score0.01441EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/13 1:41 a.m.23 views

Jenkins SSH Plugin user passwords for encrypted SSH keys stored in plaintext

The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file...

9.8CVSS4.3AI score0.01441EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2022/01/13 12:0 a.m.31 views

Stored XSS vulnerability in Jenkins Publish Over SSH Plugin

Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Overall/Administer permission...

4.8CVSS2.1AI score0.00819EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/01/13 12:0 a.m.23 views

Path traversal vulnerability in Jenkins Publish Over SSH Plugin

Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files...

4.3CVSS3.4AI score0.01504EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2022/01/12 8:15 p.m.18 views

CVE-2022-23113

Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files...

4.3CVSS0.01504EPSS
Exploits0References2
NVD
NVD
added 2022/01/12 8:15 p.m.19 views

CVE-2022-23112

A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials...

6.5CVSS0.00855EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/01/12 8:15 p.m.9 views

CVE-2022-23112

A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials...

6.5CVSS5.8AI score0.00855EPSS
Exploits0References3
OSV
OSV
added 2022/01/12 8:15 p.m.21 views

CVE-2022-23113

Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files...

4.3CVSS4.5AI score
Exploits0References2
Prion
Prion
added 2022/01/12 8:15 p.m.20 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...

4.3CVSS4.5AI score0.26546EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/01/12 8:15 p.m.17 views

Cross site scripting

Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Overall/Administer permission...

3.5CVSS4.8AI score0.00819EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/01/12 7:6 p.m.117 views

CVE-2022-23114

CVE-2022-23114 affects Jenkins Publish Over SSH Plugin 1.22 and earlier. The vulnerability is that passwords are stored unencrypted in the plugin’s global configuration file on the Jenkins controller, exposing credentials to users with filesystem access to the controller. The Red Hat advisory and...

3.3CVSS3.9AI score0.00307EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/01/12 7:6 p.m.10 views

CVE-2022-23113

Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files...

6.9AI score0.01504EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/01/12 7:6 p.m.24 views

CVE-2022-23113

Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files...

6.5AI score0.01504EPSS
Exploits0References2
CVE
CVE
added 2022/01/12 7:6 p.m.107 views

CVE-2022-23112

CVE-2022-23112 concerns Jenkins Publish Over SSH Plugin, versions 1.22 and earlier. The root cause is a missing permission check that allows users with Overall/Read access to cause the controller to connect to an attacker‑specified SSH server using attacker‑supplied credentials. This enables pote...

6.5CVSS6.2AI score0.00855EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/01/12 7:6 p.m.38 views

CVE-2022-23111

A cross-site request forgery CSRF vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...

6.6AI score0.26546EPSS
Exploits0References2
CVE
CVE
added 2022/01/12 7:6 p.m.216 views

CVE-2022-23110

CVE-2022-23110 concerns Jenkins Publish Over SSH Plugin 1.22 and earlier, which does not escape the SSH server name, leading to a stored XSS vulnerability. Exploitation requires attacker to have Overall/Administer permission. The provided documents identify the affected plugin/version and the XSS...

4.8CVSS4.8AI score0.00819EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/01/12 12:0 a.m.7 views

Jenkins Plugin 路径遍历漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.A path traversal vulnerability exists in Jenkins Publish Over SSH Plugin 1.22 and prior versions. An attacker with...

4.3CVSS5.7AI score0.01504EPSS
Exploits0References6
CNVD
CNVD
added 2018/05/14 12:0 a.m.2 views

Jenkins SSH Plugin Insecure Password Storage Information Disclosure Vulnerability

Jenkins is the open source automation server . Jenkins provides numerous plug-ins that support building, deploying and automating projects. An information disclosure vulnerability exists in the Jenkins SSH plugin. An attacker can exploit the vulnerability to obtain sensitive information and launc...

6.2AI score
Exploits0References1
Rows per page
Query Builder