Description
An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log.
Remediation
References
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704
Related Vulnerabilities
CVE-2019-17640 Vulnerability in maven package io.vertx:vertx-core
CVE-2022-45378 Vulnerability in maven package soap:soap
CVE-2018-8006 Vulnerability in maven package org.apache.activemq:activemq-web-console
CVE-2016-2175 Vulnerability in maven package org.apache.pdfbox:pdfbox
CVE-2019-10320 Vulnerability in maven package org.jenkins-ci.plugins:credentials