Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins ssh vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2017-1000245
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.
Jenkins Ssh
356
VMScore
CVE-2022-30957
A missing permission check in Jenkins SSH Plugin 2.6.1 and previous versions allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Jenkins Ssh
1 Github repository
605
VMScore
CVE-2022-30958
A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and previous versions allows malicious users to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenk...
Jenkins Ssh
1 Github repository
356
VMScore
CVE-2022-30959
A missing permission check in Jenkins SSH Plugin 2.6.1 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenk...
Jenkins Ssh
1 Github repository
356
VMScore
CVE-2018-1000601
A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and previous versions in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master ...
Jenkins Ssh Credentials
357
VMScore
CVE-2022-20620
Missing permission checks in Jenkins SSH Agent Plugin 1.23 and previous versions allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.
Jenkins Ssh Agent
605
VMScore
CVE-2017-2648
It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks.
Jenkins Ssh Slaves
356
VMScore
CVE-2018-1999036
An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and previous versions in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log.
Jenkins Ssh Agent
312
VMScore
CVE-2022-23110
Jenkins Publish Over SSH Plugin 1.22 and previous versions does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.
Jenkins Publish Over Ssh
384
VMScore
CVE-2022-23111
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and previous versions allows malicious users to connect to an attacker-specified SSH server using attacker-specified credentials.
Jenkins Publish Over Ssh
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »