CVE-2017-1000245 – org.jenkins-ci.plugins:ssh

Package

Manager: maven
Name: org.jenkins-ci.plugins:ssh
Vulnerable Version: >=0 <2.5

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00061 pctl0.19414

Details

Jenkins SSH Plugin user passwords for encrypted SSH keys stored in plaintext The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.

Metadata

Created: 2022-05-13T01:41:00Z
Modified: 2022-11-22T19:47:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5gmf-8gh2-hhfp/GHSA-5gmf-8gh2-hhfp.json
CWE IDs: ["CWE-522"]
Alternative ID: GHSA-5gmf-8gh2-hhfp
Finding: F035
Auto approve: 1