Lucene search
K

4 matches found

CVE
CVE
added 2022/05/17 2:6 p.m.127 views

CVE-2022-30957

CVE-2022-30957 affects Jenkins SSH Plugin (2.6.1 and earlier). A missing permission check allows attackers with Overall/Read to enumerate credentials IDs stored in Jenkins. This is documented in Jenkins security advisory 2022-05-17 and echoed by Red Hat, CNVD, OSV, GHSA, and CVE records. No expli...

4.3CVSS4.7AI score0.00684EPSS
CVE
CVE
added 2022/05/17 2:6 p.m.110 views

CVE-2022-30959

CVE-2022-30959 affects Jenkins SSH Plugin 2.6.1 and earlier. A missing permission check lets attackers with Overall/Read access connect to an attacker‑specified SSH server using credentials IDs obtained by other means, enabling capture of credentials stored in Jenkins. The description does not sp...

6.5CVSS6.5AI score0.008EPSS
CVE
CVE
added 2022/05/17 2:6 p.m.108 views

CVE-2022-30958

CVE-2022-30958 is a CSRF vulnerability in Jenkins SSH Plugin 2.6.1 and earlier . The issue allows an attacker to cause a Jenkins instance to connect to an attacker‑specified SSH server using attacker‑specified credentials IDs that are obtained by other means, resulting in credentials stored in Je...

8.8CVSS8.6AI score0.00625EPSS
CVE
CVE
added 2017/11/01 1:0 p.m.78 views

CVE-2017-1000245

Summary: CVE-2017-1000245 affects the Jenkins SSH Plugin, where user passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file. This credential storage flaw can lead to disclosure of sensitive credentials used to access remote servers. The provided connected...

9.8CVSS9.3AI score0.01441EPSS