Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins ssh vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-45047
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for l...
Apache Sshd
1 Github repository
9.8
CVSSv3
CVE-2017-1000245
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.
Jenkins Ssh
8.8
CVSSv3
CVE-2022-30958
A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and previous versions allows malicious users to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenk...
Jenkins Ssh
1 Github repository
8.8
CVSSv3
CVE-2022-25198
A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publisher Plugin 1.8 and previous versions allows malicious users to connect to an attacker-specified SSH server using attacker-specified credentials.
Jenkins Scp Publisher
8.8
CVSSv3
CVE-2022-25199
A missing permission check in Jenkins SCP publisher Plugin 1.8 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials.
Jenkins Scp Publisher
8.8
CVSSv3
CVE-2019-16551
A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and previous versions allows malicious users to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials.
Jenkins Gerrit Trigger
8.8
CVSSv3
CVE-2019-10471
A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows malicious users to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Jenkins Libvirt Slaves
8.1
CVSSv3
CVE-2022-36881
Jenkins Git client Plugin 3.11.0 and previous versions does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.
Jenkins Git Client
7.5
CVSSv3
CVE-2022-28327
The generic P-256 feature in crypto/elliptic in Go prior to 1.17.9 and 1.18.x prior to 1.18.1 allows a panic via long scalar input.
Golang Go
Fedoraproject Fedora 34
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Extra Packages For Enterprise Linux 7.0
7.4
CVSSv3
CVE-2020-2146
Jenkins Mac Plugin 1.1.0 and previous versions does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.
Jenkins Mac
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »