Description

An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704

Related Vulnerabilities

CVE-2022-45388 Vulnerability in maven package net.praqma:config-rotator

CVE-2019-10347 Vulnerability in maven package javagh.jenkins:mashup-portlets-plugin

CVE-2022-22984 Vulnerability in npm package @snyk/snyk-cocoapods-plugin

CVE-2022-23618 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2022-23082 Vulnerability in maven package io.whitesource:curekit

Severity

High

Classification

CWE-532 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory