Description

An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704

Related Vulnerabilities

CVE-2023-28155 Vulnerability in maven package org.webjars:request

CVE-2012-0392 Vulnerability in maven package org.apache.struts.xwork:xwork-core

CVE-2022-22947 Vulnerability in maven package org.springframework.cloud:spring-cloud-gateway

CVE-2007-5333 Vulnerability in maven package tomcat:tomcat-coyote

CVE-2022-36892 Vulnerability in maven package org.jenkins-ci.plugins:rhnpush-plugin

Severity

High

Classification

CWE-532 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory