CVE-2022-23112
https://notcve.org/view.php?id=CVE-2022-23112
A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials. Una falta de comprobación de permisos en Jenkins Publish Over SSH Plugin versiones 1.22 y anteriores, permite a atacantes con acceso Overall/Read conectarse a un servidor SSH especificado por el atacante usando credenciales especificadas por el atacante • http://www.openwall.com/lists/oss-security/2022/01/12/6 https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290 • CWE-862: Missing Authorization •
CVE-2022-23111
https://notcve.org/view.php?id=CVE-2022-23111
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Jenkins Publish Over SSH Plugin versiones 1.22 y anteriores, permite a atacantes conectarse a un servidor SSH especificado por el atacante usando credenciales especificadas por el atacante • http://www.openwall.com/lists/oss-security/2022/01/12/6 https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-23110
https://notcve.org/view.php?id=CVE-2022-23110
Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. El plugin Jenkins Publish Over SSH versiones 1.22 y anteriores, no escapan el nombre del servidor SSH, lo que resulta en una vulnerabilidad de tipo cross-site scripting (XSS) almacenada explotable por atacantes con permiso Overall/Administer • http://www.openwall.com/lists/oss-security/2022/01/12/6 https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-20620
https://notcve.org/view.php?id=CVE-2022-20620
Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. Una falta de comprobaciones de permisos en el plugin de agente SSH de Jenkins versiones 1.23 y anteriores, permite a atacantes con acceso general/libre enumerar los ID de las credenciales almacenadas en Jenkins • http://www.openwall.com/lists/oss-security/2022/01/12/6 https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2189 • CWE-862: Missing Authorization •
CVE-2018-1999036
https://notcve.org/view.php?id=CVE-2018-1999036
An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log. Existe una vulnerabilidad de exposición de información sensible en el plugin SSH Agent en Jenkins en versiones 1.15 y anteriores en SSHAgentStepExecution.java que expone la contraseña de la clave privada SSH a los usuarios con permisos para leer el log de builds. • https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704 • CWE-532: Insertion of Sensitive Information into Log File •