CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23114
https://notcve.org/view.php?id=CVE-2022-23114
Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. El plugin Jenkins Publish Over SSH versiones 1.22 y anteriores, almacena la contraseña sin cifrar en su archivo de configuración global en el controlador Jenkins, donde puede ser visualizada por usuarios con acceso al sistema de archivos del controlador Jenkins • http://www.openwall.com/lists/oss-security/2022/01/12/6 https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2291 • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23113
https://notcve.org/view.php?id=CVE-2022-23113
Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files. El plugin Jenkins Publish Over SSH versiones 1.22 y anteriores, lleva a cabo una comprobación del nombre del archivo especificando si está presente o no, resultando en una vulnerabilidad de salto de ruta que permite a atacantes con permiso Item/Configure detectar el nombre de los archivos del controlador Jenkins • http://www.openwall.com/lists/oss-security/2022/01/12/6 https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2307 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23112
https://notcve.org/view.php?id=CVE-2022-23112
A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials. Una falta de comprobación de permisos en Jenkins Publish Over SSH Plugin versiones 1.22 y anteriores, permite a atacantes con acceso Overall/Read conectarse a un servidor SSH especificado por el atacante usando credenciales especificadas por el atacante • http://www.openwall.com/lists/oss-security/2022/01/12/6 https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23111
https://notcve.org/view.php?id=CVE-2022-23111
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Jenkins Publish Over SSH Plugin versiones 1.22 y anteriores, permite a atacantes conectarse a un servidor SSH especificado por el atacante usando credenciales especificadas por el atacante • http://www.openwall.com/lists/oss-security/2022/01/12/6 https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23110
https://notcve.org/view.php?id=CVE-2022-23110
Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. El plugin Jenkins Publish Over SSH versiones 1.22 y anteriores, no escapan el nombre del servidor SSH, lo que resulta en una vulnerabilidad de tipo cross-site scripting (XSS) almacenada explotable por atacantes con permiso Overall/Administer • http://www.openwall.com/lists/oss-security/2022/01/12/6 https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •