16 matches found
EUVD-2022-0550
Malicious code in bioql PyPI...
EUVD-2022-5656
Malicious code in bioql PyPI...
CVE-2022-20620
Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2018-1999036
An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log...
Jenkins Permissions and Access Control Issues Vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins SSH Agent Plugin 1.23 previously had a security vulnerability that stemmed from a lack of privilege checking, whi...
Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs
Jenkins SSH Agent Plugin prior to 1.23.2 and 1.22.1 does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using...
GHSA-9WXH-JJJ5-67CV Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs
Jenkins SSH Agent Plugin prior to 1.23.2 and 1.22.1 does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using...
CVE-2022-20620
Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-20620
Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
Information disclosure
Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-20620
CVE-2022-20620 affects Jenkins SSH Agent Plugin (versions 1.23 and earlier). The root cause is missing permission checks in several HTTP endpoints, allowing attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. This could facilitate credential exposure ...
CVE-2022-20620
Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
PT-2022-14829 · Jenkins · Jenkins Ssh Agent Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins SSH Agent Plugin versions 1.23 and earlier; Jenkins SSH Agent Plugin versions prior to 1.23.2 and 1.22.1. Description: The issue is related to missing permission checks in the Jenkins SSH Agent Plugin, which allows attackers with...
CVE-2018-1999036
An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log...
CVE-2018-1999036
An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log...
CVE-2018-1999036
CVE-2018-1999036 affects Jenkins SSH Agent Plugin 1.15 and earlier, where SSHAgentStepExecution.java logs the ssh-add command, exposing the SSH private key password to users who can read the build log. The issue’s root cause is sensitive information disclosure via build-log logging. Remediation i...