GHSA-5gmf-8gh2-hhfp

Source

https://github.com/advisories/GHSA-5gmf-8gh2-hhfp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5gmf-8gh2-hhfp/GHSA-5gmf-8gh2-hhfp.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-5gmf-8gh2-hhfp

Aliases

CVE-2017-1000245

Published

2022-05-13T01:41:00Z

Modified

2024-02-18T05:41:57.310391Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Jenkins SSH Plugin user passwords for encrypted SSH keys stored in plaintext

Details

The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.

Database specific

{
    "nvd_published_at": "2017-11-01T13:29:00Z",
    "cwe_ids": [
        "CWE-522"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-22T19:47:38Z"
}

References

Affected packages

Maven / org.jvnet.hudson.plugins:ssh

Package

Name: org.jvnet.hudson.plugins:ssh; View open source insights on deps.dev
Purl: pkg:maven/org.jvnet.hudson.plugins/ssh

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

2.3

Affected versions

1.*

1.0

1.1

1.2

1.3

1.6

1.7

2.*

2.0

2.1

2.2

2.3

Maven / org.jenkins-ci.plugins:ssh

Package

Name: org.jenkins-ci.plugins:ssh; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/ssh

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5

Affected versions

2.*

2.4