Description

An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704

Related Vulnerabilities

CVE-2019-17640 Vulnerability in maven package io.vertx:vertx-core

CVE-2022-45378 Vulnerability in maven package soap:soap

CVE-2018-8006 Vulnerability in maven package org.apache.activemq:activemq-web-console

CVE-2016-2175 Vulnerability in maven package org.apache.pdfbox:pdfbox

CVE-2019-10320 Vulnerability in maven package org.jenkins-ci.plugins:credentials

Severity

High

Classification

CWE-532 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory