Description

An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704

Related Vulnerabilities

CVE-2016-2166 Vulnerability in maven package org.apache.qpid:proton-j

CVE-2014-3600 Vulnerability in maven package org.apache.activemq:activemq-client

CVE-2021-21631 Vulnerability in maven package org.jenkins-ci.plugins:cloud-stats

CVE-2022-28220 Vulnerability in maven package org.apache.james:james-server-protocols-imap4

CVE-2014-0110 Vulnerability in maven package org.apache.cxf:cxf-bundle-minimal

Severity

High

Classification

CWE-532 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory