CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32754
https://notcve.org/view.php?id=CVE-2025-32754
10 Apr 2025 — In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter. • https://www.jenkins.io/security/advisory/2025-04-10/#SECURITY-3565 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0CVE-2022-20620
https://notcve.org/view.php?id=CVE-2022-20620
12 Jan 2022 — Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. Una falta de comprobaciones de permisos en el plugin de agente SSH de Jenkins versiones 1.23 y anteriores, permite a atacantes con acceso general/libre enumerar los ID de las credenciales almacenadas en Jenkins • http://www.openwall.com/lists/oss-security/2022/01/12/6 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1999036
https://notcve.org/view.php?id=CVE-2018-1999036
01 Aug 2018 — An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log. Existe una vulnerabilidad de exposición de información sensible en el plugin SSH Agent en Jenkins en versiones 1.15 y anteriores en SSHAgentStepExecution.java que expone la contraseña de la clave privada SSH a los usuarios con permisos para leer el log de builds. • https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704 • CWE-532: Insertion of Sensitive Information into Log File •