An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log.
References
Link | Resource |
---|---|
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704 | Vendor Advisory |
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704 | Vendor Advisory |
Configurations
History
21 Nov 2024, 03:57
Type | Values Removed | Values Added |
---|---|---|
References | () https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704 - Vendor Advisory |
Information
Published : 2018-08-01 13:29
Updated : 2024-11-21 03:57
NVD link : CVE-2018-1999036
Mitre link : CVE-2018-1999036
CVE.ORG link : CVE-2018-1999036
JSON object : View
Products Affected
jenkins
- ssh_agent
CWE
CWE-532
Insertion of Sensitive Information into Log File