Description
An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log.
Remediation
References
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704
Related Vulnerabilities
CVE-2016-6816 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2018-1000606 Vulnerability in maven package org.jenkins-ci.plugins:urltrigger
CVE-2012-0022 Vulnerability in maven package org.apache.tomcat:catalina
CVE-2020-2247 Vulnerability in maven package org.jenkins-ci.plugins:klocwork
CVE-2021-41084 Vulnerability in maven package org.http4s:http4s-server_3