Description

An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log.

Remediation

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704

Related Vulnerabilities

CVE-2018-10862 Vulnerability in maven package org.wildfly.core:wildfly-deployment-repository

CVE-2017-1000386 Vulnerability in maven package org.biouno:uno-choice

CVE-2020-2271 Vulnerability in maven package org.jenkins-ci.plugins:locked-files-report

CVE-2023-30513 Vulnerability in maven package org.csanchez.jenkins.plugins:kubernetes

CVE-2020-6454 Vulnerability in maven package org.webjars.npm:electron

Severity

High

Classification

CWE-532 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory