CVE-2022-30958
- EPSS 0.07%
- Published 17.05.2022 15:15:10
- Last modified 21.11.2024 07:03:37
A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials ...
CVE-2022-30959
- EPSS 0.81%
- Published 17.05.2022 15:15:10
- Last modified 21.11.2024 07:03:37
A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing creden...
CVE-2022-30957
- EPSS 0.46%
- Published 17.05.2022 15:15:09
- Last modified 21.11.2024 07:03:37
A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2017-1000245
- EPSS 0.06%
- Published 01.11.2017 13:29:00
- Last modified 20.04.2025 01:37:25
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.