Description

An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704

Related Vulnerabilities

CVE-2022-45393 Vulnerability in maven package org.jenkins-ci.plugins:delete-log-plugin

CVE-2023-48240 Vulnerability in maven package org.xwiki.platform:xwiki-platform-security-authentication-default

CVE-2019-10373 Vulnerability in maven package org.jenkins-ci.plugins:build-pipeline-plugin

CVE-2023-49447 Vulnerability in maven package com.jfinal:jfinal

CVE-2020-2150 Vulnerability in maven package org.jenkins-ci.plugins:quality-gates

Severity

High

Classification

CWE-532 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory