Description

An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704

Related Vulnerabilities

CVE-2017-15683 Vulnerability in maven package org.craftercms:crafter-studio

CVE-2022-27166 Vulnerability in maven package org.apache.jspwiki:jspwiki-war

CVE-2023-31469 Vulnerability in maven package org.apache.streampipes:streampipes-rest

CVE-2023-29515 Vulnerability in maven package org.xwiki.platform:xwiki-platform-appwithinminutes-ui

CVE-2015-5174 Vulnerability in maven package org.apache.tomcat:catalina

Severity

High

Classification

CWE-532 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory