CVSS: 5.9EPSS: 67%CPEs: 79EXPL: 3CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30959
https://notcve.org/view.php?id=CVE-2022-30959
17 May 2022 — A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. Una comprobación de permiso faltante en Jenkins SSH Plugin versiones 2.6.1 y anteriores, permite a atacantes con permiso de Overall/Read conectarse a un servidor SSH especificado por el atacante usando IDs de credenciales especificadas p... • https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2093 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30958
https://notcve.org/view.php?id=CVE-2022-30958
17 May 2022 — A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Jenkins SSH Plugin versiones 2.6.1 y anteriores, permite a atacantes conectarse a un servidor SSH especificado por el atacante usando IDs de credenciales especificados por el atac... • https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2093 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30957
https://notcve.org/view.php?id=CVE-2022-30957
17 May 2022 — A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Una comprobación de permisos ausente en el plugin SSH de Jenkins versiones 2.6.1 y anteriores, permite a atacantes con permiso Overall/Read enumerar los ID de credenciales almacenados en Jenkins • http://www.openwall.com/lists/oss-security/2022/05/17/8 • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-27191 – golang: crash in a golang.org/x/crypto/ssh server
https://notcve.org/view.php?id=CVE-2022-27191
18 Mar 2022 — The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. El paquete golang.org/x/crypto/ssh anterior a 0.0.0-20220314234659-1baeb1ce4c0b para Go permite a un atacante bloquear un servidor en ciertas circunstancias que implican AddHostKey A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject ... • https://groups.google.com/g/golang-announce • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43565 – golang.org/x/crypto: empty plaintext packet causes panic
https://notcve.org/view.php?id=CVE-2021-43565
04 Mar 2022 — The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server. El paquete x/crypto/ssh versiones anteriores a 0.0.0-20211202192323-5770296d904e, de golang.org/x/crypto permite a un atacante entrar en pánico en un servidor SSH. There's an input validation flaw in golang.org/x/crypto's readCipherPacket() function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a pa... • https://groups.google.com/forum/#%21forum/golang-announce • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-29652 – golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference
https://notcve.org/view.php?id=CVE-2020-29652
17 Dec 2020 — A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. Una desreferencia de puntero null en el componente golang.org/x/crypto/ssh versiones hasta v0.0.0-20201203163018-be400aefbc4c para Go, permite a atacantes remotos causar una denegación de servicio contra servidores SSH A null pointer dereference vulnerability was found in golang. When using the library's ssh server with... • https://go-review.googlesource.com/c/crypto/+/278852 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000245
https://notcve.org/view.php?id=CVE-2017-1000245
01 Nov 2017 — The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file. El plugin SSH almacena credenciales, lo que permite que las tareas accedan a servidores remotos mediante el protocolo SSH. Las contraseñas de usuarios así como las frases utilizadas como contraseñas para claves SSH cifradas se almacenan en texto plano en un archivos de configuración. • https://jenkins.io/security/advisory/2017-07-10 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 2%CPEs: 12EXPL: 0CVE-2011-0766
https://notcve.org/view.php?id=CVE-2011-0766
31 May 2011 — The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys. El generador de números aleatorios de la aplicación Crypto en versiones anteriores a la 2.0.2.2, y SSH anteriores a 2.0.5, como es usado en la librería Erlang/OTP ssh en versiones anteriores a la R14B03, utiliza semillas predecibles b... • http://secunia.com/advisories/44709 • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 0%CPEs: 52EXPL: 2CVE-2002-1715 – SSH2 3.0 - Restricted Shell Escape (Command Execution)
https://notcve.org/view.php?id=CVE-2002-1715
31 Dec 2002 — SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access. • https://www.exploit-db.com/exploits/21398 •