Vulnerabilities (CVE)

Filtered by vendor Jenkins Subscribe
Filtered by product Ssh
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-30959 1 Jenkins 1 Ssh 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2022-30958 1 Jenkins 1 Ssh 2024-11-21 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2022-30957 1 Jenkins 1 Ssh 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2017-1000245 1 Jenkins 1 Ssh 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.