Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins ssh vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2022-30958
A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and previous versions allows malicious users to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenk...
Jenkins Ssh
1 Github repository
605
VMScore
CVE-2022-25198
A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publisher Plugin 1.8 and previous versions allows malicious users to connect to an attacker-specified SSH server using attacker-specified credentials.
Jenkins Scp Publisher
605
VMScore
CVE-2020-2185
Jenkins Amazon EC2 Plugin 1.50.1 and previous versions does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks.
Jenkins Amazon Ec2
605
VMScore
CVE-2019-16551
A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and previous versions allows malicious users to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials.
Jenkins Gerrit Trigger
605
VMScore
CVE-2019-10471
A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows malicious users to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Jenkins Libvirt Slaves
605
VMScore
CVE-2017-2648
It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks.
Jenkins Ssh Slaves
578
VMScore
CVE-2022-25199
A missing permission check in Jenkins SCP publisher Plugin 1.8 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials.
Jenkins Scp Publisher
516
VMScore
CVE-2020-2146
Jenkins Mac Plugin 1.1.0 and previous versions does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.
Jenkins Mac
490
VMScore
CVE-2019-16552
A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a give...
Jenkins Gerrit Trigger
446
VMScore
CVE-2022-28327
The generic P-256 feature in crypto/elliptic in Go prior to 1.17.9 and 1.18.x prior to 1.18.1 allows a panic via long scalar input.
Golang Go
Fedoraproject Fedora 34
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Extra Packages For Enterprise Linux 7.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »