GHSA-9G33-48JH-JQ7V Cross Site Request Forgery in Jenkins SSH Plugin

A cross-site request forgery CSRF vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

GHSA-X454-72FX-69Q3 Missing permission check in Jenkins SSH Plugin

A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVE-2022-30959

A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2022-30958

A cross-site request forgery CSRF vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2022-30959

A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2022-30958

A cross-site request forgery CSRF vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2022-30958

A cross-site request forgery CSRF vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2022-30957

A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVE-2022-30957

A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

Design/Logic Flaw

A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

Information disclosure

A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2022-30959

A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2022-30959

CVE-2022-30959 affects Jenkins SSH Plugin 2.6.1 and earlier. A missing permission check lets attackers with Overall/Read access connect to an attacker‑specified SSH server using credentials IDs obtained by other means, enabling capture of credentials stored in Jenkins. The description does not sp...

CVE-2022-30958

CVE-2022-30958 is a CSRF vulnerability in Jenkins SSH Plugin 2.6.1 and earlier . The issue allows an attacker to cause a Jenkins instance to connect to an attacker‑specified SSH server using attacker‑specified credentials IDs that are obtained by other means, resulting in credentials stored in Je...

CVE-2022-30958

A cross-site request forgery CSRF vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2022-30957

CVE-2022-30957 affects Jenkins SSH Plugin (2.6.1 and earlier). A missing permission check allows attackers with Overall/Read to enumerate credentials IDs stored in Jenkins. This is documented in Jenkins security advisory 2022-05-17 and echoed by Red Hat, CNVD, OSV, GHSA, and CVE records. No expli...

Jenkins SSH Plugin 权限许可和访问控制问题漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.The Jenkins SSH Plugin 2.6.1 and earlier...

PT-2022-20413 · Jenkins · Jenkins Ssh Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins SSH Plugin versions 2.6.1 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another metho...

Jenkins SSH Plugin 访问控制错误漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins SSH Plugin 2.6.1 and earlier...