CVE-2017-1000245

CRITICAL9.8EPSS 0.06%

Jenkins SSH Plugin user passwords for encrypted SSH keys stored in plaintext

Published: 5/13/2022Modified: 2/18/2024

Description

The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.

Affected packages (2)

Maven/org.jenkins-ci.plugins:sshfrom 0, < 2.5
Maven/org.jvnet.hudson.plugins:sshfrom 0, <= 2.3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (2)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000245
WEBhttps://jenkins.io/security/advisory/2017-07-10