CVSS: 5.9EPSS: 56%CPEs: 79EXPL: 3CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30959
https://notcve.org/view.php?id=CVE-2022-30959
17 May 2022 — A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. Una comprobación de permiso faltante en Jenkins SSH Plugin versiones 2.6.1 y anteriores, permite a atacantes con permiso de Overall/Read conectarse a un servidor SSH especificado por el atacante usando IDs de credenciales especificadas p... • https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2093 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30958
https://notcve.org/view.php?id=CVE-2022-30958
17 May 2022 — A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Jenkins SSH Plugin versiones 2.6.1 y anteriores, permite a atacantes conectarse a un servidor SSH especificado por el atacante usando IDs de credenciales especificados por el atac... • https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2093 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30957
https://notcve.org/view.php?id=CVE-2022-30957
17 May 2022 — A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Una comprobación de permisos ausente en el plugin SSH de Jenkins versiones 2.6.1 y anteriores, permite a atacantes con permiso Overall/Read enumerar los ID de credenciales almacenados en Jenkins • http://www.openwall.com/lists/oss-security/2022/05/17/8 • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000245
https://notcve.org/view.php?id=CVE-2017-1000245
01 Nov 2017 — The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file. El plugin SSH almacena credenciales, lo que permite que las tareas accedan a servidores remotos mediante el protocolo SSH. Las contraseñas de usuarios así como las frases utilizadas como contraseñas para claves SSH cifradas se almacenan en texto plano en un archivos de configuración. • https://jenkins.io/security/advisory/2017-07-10 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 2%CPEs: 12EXPL: 0CVE-2011-0766
https://notcve.org/view.php?id=CVE-2011-0766
31 May 2011 — The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys. El generador de números aleatorios de la aplicación Crypto en versiones anteriores a la 2.0.2.2, y SSH anteriores a 2.0.5, como es usado en la librería Erlang/OTP ssh en versiones anteriores a la R14B03, utiliza semillas predecibles b... • http://secunia.com/advisories/44709 • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 0%CPEs: 52EXPL: 2CVE-2002-1715 – SSH2 3.0 - Restricted Shell Escape (Command Execution)
https://notcve.org/view.php?id=CVE-2002-1715
31 Dec 2002 — SSH 1 through 3, and possibly other versions, allows local users to bypass restricted shells such as rbash or rksh by uploading a script to a world-writeable directory, then executing that script to gain normal shell access. • https://www.exploit-db.com/exploits/21398 •
CVSS: 8.1EPSS: 7%CPEs: 9EXPL: 1CVE-2001-0572
https://notcve.org/view.php?id=CVE-2001-0572
27 Jul 2001 — The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands. • http://archives.neohapsis.com/archives/bugtraq/2001-03/0225.html •
CVSS: 8.1EPSS: 1%CPEs: 4EXPL: 0CVE-2001-0361
https://notcve.org/view.php?id=CVE-2001-0361
27 Jun 2001 — Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5. • ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:24.ssh.asc • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 3CVE-2001-0471 – SSH 1.2.30 - Daemon Logging Failure
https://notcve.org/view.php?id=CVE-2001-0471
24 May 2001 — SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not log repeated login attempts, which could allow remote attackers to compromise accounts without detection via a brute force attack. • https://www.exploit-db.com/exploits/20615 •