4 matches found
CVE-2022-30957
CVE-2022-30957 affects Jenkins SSH Plugin (2.6.1 and earlier). A missing permission check allows attackers with Overall/Read to enumerate credentials IDs stored in Jenkins. This is documented in Jenkins security advisory 2022-05-17 and echoed by Red Hat, CNVD, OSV, GHSA, and CVE records. No expli...
CVE-2022-30959
CVE-2022-30959 affects Jenkins SSH Plugin 2.6.1 and earlier. A missing permission check lets attackers with Overall/Read access connect to an attacker‑specified SSH server using credentials IDs obtained by other means, enabling capture of credentials stored in Jenkins. The description does not sp...
CVE-2022-30958
CVE-2022-30958 is a CSRF vulnerability in Jenkins SSH Plugin 2.6.1 and earlier . The issue allows an attacker to cause a Jenkins instance to connect to an attacker‑specified SSH server using attacker‑specified credentials IDs that are obtained by other means, resulting in credentials stored in Je...
CVE-2017-1000245
Summary: CVE-2017-1000245 affects the Jenkins SSH Plugin, where user passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file. This credential storage flaw can lead to disclosure of sensitive credentials used to access remote servers. The provided connected...