GHSA-5gmf-8gh2-hhfp
Suggest an improvement- Source
- https://github.com/advisories/GHSA-5gmf-8gh2-hhfp
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5gmf-8gh2-hhfp/GHSA-5gmf-8gh2-hhfp.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-5gmf-8gh2-hhfp
- Aliases
- Published
- 2022-05-13T01:41:00Z
- Modified
- 2024-02-18T05:41:57.310391Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Jenkins SSH Plugin user passwords for encrypted SSH keys stored in plaintext
- Details
-
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.
- Database specific
{ "cwe_ids": [ "CWE-522" ], "github_reviewed": true, "github_reviewed_at": "2022-11-22T19:47:38Z", "nvd_published_at": "2017-11-01T13:29:00Z", "severity": "CRITICAL" }- References
Affected packages
Maven / org.jvnet.hudson.plugins:ssh
Package
- Name
- org.jvnet.hudson.plugins:ssh
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jvnet.hudson.plugins/ssh
Maven / org.jenkins-ci.plugins:ssh
Package
- Name
- org.jenkins-ci.plugins:ssh
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/ssh