Description

An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704

Related Vulnerabilities

CVE-2020-2131 Vulnerability in maven package org.jenkins-ci.plugins:harvest

CVE-2022-25883 Vulnerability in maven package org.webjars.npm:semver

CVE-2011-1475 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2023-32999 Vulnerability in maven package com.rapid7:jenkinsci-appspider-plugin

CVE-2019-1003095 Vulnerability in maven package org.jenkins-ci.plugins:perfectomobile

Severity

High

Classification

CWE-532 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory