CVE-2023-41939 – org.jenkins-ci.plugins:ssh2easy
Package
Manager: maven
Name: org.jenkins-ci.plugins:ssh2easy
Vulnerable Version: >=0 <1.6
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00044 (percentile 0.12624)
Details
Disabled permissions can be granted by Jenkins SSH2 Easy Plugin
Jenkins SSH2 Easy Plugin 1.4 and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted permissions (typically optional ones, like Overall/Manage) to access functionality they're no longer entitled to.
Metadata
Created: 2023-09-06T15:30:26Z
Modified: 2024-01-30T23:07:24Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-4gh2-m88h-8cj8/GHSA-4gh2-m88h-8cj8.json
CWE IDs: ["CWE-281"]
Alternative ID: GHSA-4gh2-m88h-8cj8
Finding: F159
Auto approve: 1