Lucene search
87 matches found

CNNVD
added 2022/05/17 12:0 a.m., 3 views

Jenkins SSH Plugin Cross-Site Request Forgery Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins SSH Plugin 2.6.1 and earlier...

CVSS 8.8, AI score 7.7, EPSS 0.00069
Exploits 0, References 3
Github Security Blog
added 2022/05/14 2:3 a.m., 22 views

Ansible uses a socket with predictable filename in /tmp

runner/connectionplugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/...

CVSS 1.9, AI score 7.1, EPSS 0.00051
Exploits 0, References 7, Affected Software 1
Github Security Blog
added 2022/05/13 1:41 a.m., 20 views

Jenkins SSH Plugin user passwords for encrypted SSH keys stored in plaintext

The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file...

CVSS 9.8, AI score 4.3, EPSS 0.00061
Exploits 0, References 3, Affected Software 2
OSV
added 2022/05/13 1:41 a.m., 15 views

GHSA-5GMF-8GH2-HHFP Jenkins SSH Plugin user passwords for encrypted SSH keys stored in plaintext

The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file...

CVSS 9.8, AI score 9.4, EPSS 0.00061
Exploits 0, References 2
Github Security Blog
added 2022/01/13 12:0 a.m., 30 views

Stored XSS vulnerability in Jenkins Publish Over SSH Plugin

Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission...

CVSS 4.8, AI score 2.1, EPSS 0.00213
Exploits 0, References 6, Affected Software 1
Github Security Blog
added 2022/01/13 12:0 a.m., 21 views

Path traversal vulnerability in Jenkins Publish Over SSH Plugin

Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files...

CVSS 4.3, AI score 3.4, EPSS 0.00435
Exploits 0, References 6, Affected Software 1
NVD
added 2022/01/12 8:15 p.m., 16 views

CVE-2022-23113

Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files...

CVSS 4.3, EPSS 0.00435
Exploits 0, References 2
ATTACKERKB
added 2022/01/12 8:15 p.m., 4 views

CVE-2022-23112

A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials...

CVSS 6.5, AI score 5.8, EPSS 0.00031
Exploits 0, References 3
OSV
added 2022/01/12 8:15 p.m., 18 views

CVE-2022-23113

Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files...

CVSS 4.3, AI score 4.5
Exploits 0, References 2
NVD
added 2022/01/12 8:15 p.m., 15 views

CVE-2022-23112

A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials...

CVSS 6.5, EPSS 0.00031
Exploits 0, References 2
Prion
added 2022/01/12 8:15 p.m., 16 views

Cross site request forgery (csrf)

A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...

CVSS 4.3, AI score 4.5, EPSS 0.09789
Exploits 0, References 2, Affected Software 1
Prion
added 2022/01/12 8:15 p.m., 14 views

Cross site scripting

Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission...

CVSS 3.5, AI score 4.8, EPSS 0.00213
Exploits 0, References 2, Affected Software 1
CVE
added 2022/01/12 7:6 p.m., 110 views

CVE-2022-23114

CVE-2022-23114 affects Jenkins Publish Over SSH Plugin 1.22 and earlier. The vulnerability is that passwords are stored unencrypted in the plugin’s global configuration file on the Jenkins controller, exposing credentials to users with filesystem access to the controller. The Red Hat advisory and...

CVSS 3.3, AI score 3.9, EPSS 0.0001
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2022/01/12 7:6 p.m., 9 views

CVE-2022-23113

Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files...

AI score 6.9, EPSS 0.00435
Exploits 0, References 2
Cvelist
added 2022/01/12 7:6 p.m., 12 views

CVE-2022-23113

Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files...

AI score 6.5, EPSS 0.00435
Exploits 0, References 2
CVE
added 2022/01/12 7:6 p.m., 101 views

CVE-2022-23112

CVE-2022-23112 concerns Jenkins Publish Over SSH Plugin, versions 1.22 and earlier. The root cause is a missing permission check that allows users with Overall/Read access to cause the controller to connect to an attacker‑specified SSH server using attacker‑supplied credentials. This enables pote...

CVSS 6.5, AI score 6.2, EPSS 0.00031
Exploits 0, References 2, Affected Software 1
Cvelist
added 2022/01/12 7:6 p.m., 17 views

CVE-2022-23111

A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...

AI score 6.6, EPSS 0.09789
Exploits 0, References 2
CVE
added 2022/01/12 7:6 p.m., 207 views

CVE-2022-23110

CVE-2022-23110 concerns Jenkins Publish Over SSH Plugin 1.22 and earlier, which does not escape the SSH server name, leading to a stored XSS vulnerability. Exploitation requires the attacker to have Overall/Administer permission. The provided documents identify the affected plugin/version and the XSS...

CVSS 4.8, AI score 4.8, EPSS 0.00213
Exploits 0, References 2, Affected Software 1
CNNVD
added 2022/01/12 12:0 a.m., 5 views

Jenkins Plugin Path Traversal Vulnerability

Jenkins is a Jenkins open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. A path traversal vulnerability exists in Jenkins Publish Over SSH Plugin 1.22 and prior versions. An attacker with...

CVSS 4.3, AI score 5.7, EPSS 0.00435
Exploits 0, References 6
CNVD
added 2018/05/14 12:0 a.m., 1 views

Jenkins SSH Plugin Insecure Password Storage Information Disclosure Vulnerability

Jenkins is the open source automation server. Jenkins provides numerous plug-ins that support building, deploying and automating projects. An information disclosure vulnerability exists in the Jenkins SSH plugin. An attacker can exploit the vulnerability to obtain sensitive information and launc...

AI score 6.2
Exploits 0, References 1