7 matches found

NVD
added 2022/01/12 8:15 p.m., 19 views

CVE-2022-23112

A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials...

CVSS 6.5, EPSS 0.00855
Exploits: 0, References: 2

Prion
added 2022/01/12 8:15 p.m., 16 views

Cross site scripting

Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission...

CVSS 3.5, AI score 4.8, EPSS 0.00819
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2022/01/12 7:6 p.m., 112 views

CVE-2022-23114

CVE-2022-23114 affects Jenkins Publish Over SSH Plugin 1.22 and earlier. The vulnerability is that passwords are stored unencrypted in the plugin’s global configuration file on the Jenkins controller, exposing credentials to users with filesystem access to the controller. The Red Hat advisory and...

CVSS 3.3, AI score 3.9, EPSS 0.00307
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2022/01/12 7:6 p.m., 102 views

CVE-2022-23112

CVE-2022-23112 concerns Jenkins Publish Over SSH Plugin, versions 1.22 and earlier. The root cause is a missing permission check that allows users with Overall/Read access to cause the controller to connect to an attacker‑specified SSH server using attacker‑supplied credentials. This enables pote...

CVSS 6.5, AI score 6.2, EPSS 0.00855
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2022/01/12 7:6 p.m., 31 views

CVE-2022-23111

A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...

AI score 6.6, EPSS 0.27553
Exploits: 0, References: 2

CVE
added 2022/01/12 7:6 p.m., 209 views

CVE-2022-23110

CVE-2022-23110 concerns Jenkins Publish Over SSH Plugin 1.22 and earlier, which does not escape the SSH server name, leading to a stored XSS vulnerability. Exploitation requires the attacker to have Overall/Administer permission. The provided documents identify the affected plugin/version and the XSS...

CVSS 4.8, AI score 4.8, EPSS 0.00819
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2022/01/12 12:0 a.m., 5 views

Jenkins Plugin path traversal vulnerability

Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. A path traversal vulnerability exists in Jenkins Publish Over SSH Plugin 1.22 and prior versions. An attacker with...

CVSS 4.3, AI score 5.7, EPSS 0.01504
Exploits: 0, References: 6