Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01Z21mLThnaDItaGhmcM4AAR2I
Jenkins SSH Plugin user passwords for encrypted SSH keys stored in plaintext
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.
Permalink: https://github.com/advisories/GHSA-5gmf-8gh2-hhfpJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01Z21mLThnaDItaGhmcM4AAR2I
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
CVSS Score: 9.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-5gmf-8gh2-hhfp, CVE-2017-1000245
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000245
- https://jenkins.io/security/advisory/2017-07-10/
- https://github.com/advisories/GHSA-5gmf-8gh2-hhfp
Affected Packages
maven:org.jenkins-ci.plugins:ssh
Affected Version Ranges: < 2.5Fixed in: 2.5
maven:org.jvnet.hudson.plugins:ssh
Dependent packages: 0Dependent repositories: 1
Downloads:
Affected Version Ranges: <= 2.3
No known fixed version
All affected versions: