Description
An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log.
Remediation
References
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704
Related Vulnerabilities
CVE-2022-45388 Vulnerability in maven package net.praqma:config-rotator
CVE-2019-10347 Vulnerability in maven package javagh.jenkins:mashup-portlets-plugin
CVE-2022-22984 Vulnerability in npm package @snyk/snyk-cocoapods-plugin
CVE-2022-23618 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2022-23082 Vulnerability in maven package io.whitesource:curekit