Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins ssh vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2022-23112
A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and previous versions allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials.
Jenkins Publish Over Ssh
2.1
CVSSv2
CVE-2022-23114
Jenkins Publish Over SSH Plugin 1.22 and previous versions stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Jenkins Publish Over Ssh
4
CVSSv2
CVE-2022-23113
Jenkins Publish Over SSH Plugin 1.22 and previous versions performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller ...
Jenkins Publish Over Ssh
2.1
CVSSv2
CVE-2013-6372
The Subversion plugin prior to 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.
Jenkins-ci Subversion-plugin 1.27
Jenkins-ci Subversion-plugin 1.44
Jenkins-ci Subversion-plugin 1.18
Jenkins-ci Subversion-plugin 1.12
Jenkins-ci Subversion-plugin 1.39
Jenkins-ci Subversion-plugin 1.38
Jenkins-ci Subversion-plugin 1.24
Jenkins-ci Subversion-plugin 1.32
Jenkins-ci Subversion-plugin 1.1
Jenkins-ci Subversion-plugin 1.46
Jenkins-ci Subversion-plugin 1.0
Jenkins-ci Subversion-plugin 1.45
Jenkins-ci Subversion-plugin 1.41
Jenkins-ci Subversion-plugin 1.50
Jenkins-ci Subversion-plugin 1.3
Jenkins-ci Subversion-plugin 1.16
Jenkins-ci Subversion-plugin 1.11
Jenkins-ci Subversion-plugin 1.19
Jenkins-ci Subversion-plugin 1.30
Jenkins-ci Subversion-plugin 1.17
Jenkins-ci Subversion-plugin 1.35
Jenkins-ci Subversion-plugin 1.14
NA
CVE-2022-36881
Jenkins Git client Plugin 3.11.0 and previous versions does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.
Jenkins Git Client
5.8
CVSSv2
CVE-2020-2146
Jenkins Mac Plugin 1.1.0 and previous versions does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.
Jenkins Mac
4.3
CVSSv2
CVE-2020-2147
A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and previous versions allows malicious users to connect to an attacker-specified SSH server using attacker-specified credentials.
Jenkins Mac
4
CVSSv2
CVE-2020-2148
A missing permission check in Jenkins Mac Plugin 1.1.0 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials.
Jenkins Mac
6.8
CVSSv2
CVE-2020-2185
Jenkins Amazon EC2 Plugin 1.50.1 and previous versions does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks.
Jenkins Amazon Ec2
6.8
CVSSv2
CVE-2022-25198
A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publisher Plugin 1.8 and previous versions allows malicious users to connect to an attacker-specified SSH server using attacker-specified credentials.
Jenkins Scp Publisher
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »