Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins ssh vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2017-1000245
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.
Jenkins Ssh
4.3
CVSSv2
CVE-2022-27210
A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and previous versions allows malicious users to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing c...
Jenkins Kubernetes Continuous Deploy
4.3
CVSSv2
CVE-2022-23111
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and previous versions allows malicious users to connect to an attacker-specified SSH server using attacker-specified credentials.
Jenkins Publish Over Ssh
4.3
CVSSv2
CVE-2020-2147
A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and previous versions allows malicious users to connect to an attacker-specified SSH server using attacker-specified credentials.
Jenkins Mac
4.3
CVSSv2
CVE-2019-16546
Jenkins Google Compute Engine Plugin 4.1.1 and previous versions does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.
Jenkins Google Compute Engine
4
CVSSv2
CVE-2022-30957
A missing permission check in Jenkins SSH Plugin 2.6.1 and previous versions allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Jenkins Ssh
1 Github repository
4
CVSSv2
CVE-2022-30959
A missing permission check in Jenkins SSH Plugin 2.6.1 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenk...
Jenkins Ssh
1 Github repository
4
CVSSv2
CVE-2022-27211
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing c...
Jenkins Kubernetes Continuous Deploy
4
CVSSv2
CVE-2022-23112
A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and previous versions allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials.
Jenkins Publish Over Ssh
4
CVSSv2
CVE-2022-23113
Jenkins Publish Over SSH Plugin 1.22 and previous versions performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller ...
Jenkins Publish Over Ssh
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »