cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-30957,https://securityvulnerability.io/vulnerability/CVE-2022-30957,Missing Permission Check in Jenkins SSH Plugin by Jenkins,"A vulnerability exists in the Jenkins SSH Plugin prior to version 2.6.1, stemming from a missing permission check. This flaw allows users with Overall/Read permissions to enumerate the IDs of credentials stored within Jenkins, potentially exposing sensitive information and leading to further exploitation. It is crucial for Jenkins administrators to update the affected plugin to protect their systems against unauthorized access and data leaks.",Jenkins,Jenkins Ssh Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-05-17T15:15:00.000Z,0
CVE-2022-30959,https://securityvulnerability.io/vulnerability/CVE-2022-30959,Jenkins SSH Plugin Vulnerability Allows Unauthorized Access to Stored Credentials,"A flaw in the Jenkins SSH Plugin prior to version 2.6.1 allows attackers with Overall/Read permissions to connect to arbitrary SSH servers. By exploiting this vulnerability, attackers can use their own credentials or specific credential IDs obtained through alternative means to capture sensitive information stored within Jenkins. This exposes critical vulnerabilities that could lead to further attacks on the Jenkins server and its associated infrastructure.",Jenkins,Jenkins Ssh Plugin,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-05-17T14:06:32.000Z,0
CVE-2022-30958,https://securityvulnerability.io/vulnerability/CVE-2022-30958,Cross-Site Request Forgery in Jenkins SSH Plugin Affects Multiple Versions,"The Jenkins SSH Plugin has a vulnerability that allows an attacker to exploit cross-site request forgery, potentially enabling unauthorized access. By manipulating the user's request, the attacker can specify an SSH server and use stolen credential IDs, which may have been captured through other means. This vulnerability primarily affects users who have not implemented adequate security measures, putting sensitive SSH credentials at risk.",Jenkins,Jenkins Ssh Plugin,8.8,HIGH,0.0008099999977275729,false,,false,false,false,,,false,false,,2022-05-17T14:06:29.000Z,0
CVE-2022-23114,https://securityvulnerability.io/vulnerability/CVE-2022-23114,Password Exposure Vulnerability in Jenkins Publish Over SSH Plugin,"The Jenkins Publish Over SSH Plugin versions 1.22 and earlier are affected by a vulnerability that results in the storage of passwords in an unencrypted format within the global configuration file of the Jenkins controller. This poses a risk as passwords can be easily accessed by any user with permissions to view the Jenkins controller's file system, enabling unauthorized access to sensitive information and potential exploitation.",Jenkins,Jenkins Publish Over Ssh Plugin,3.3,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-01-12T19:06:19.000Z,0
CVE-2022-23113,https://securityvulnerability.io/vulnerability/CVE-2022-23113,Path Traversal Vulnerability in Jenkins Publish Over SSH Plugin,"The Jenkins Publish Over SSH Plugin prior to version 1.23 is affected by a path traversal vulnerability. This issue occurs because the plugin inadequately validates file names, allowing attackers who possess Item/Configure permissions to exploit this flaw. By doing so, they can potentially discover the names of files on the Jenkins controller, leading to unauthorized access to sensitive information.",Jenkins,Jenkins Publish Over Ssh Plugin,4.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2022-01-12T19:06:17.000Z,0
CVE-2022-23112,https://securityvulnerability.io/vulnerability/CVE-2022-23112,Missing Permission Check in Jenkins Publish Over SSH Plugin,"A security vulnerability in the Jenkins Publish Over SSH Plugin allows attackers with Overall/Read access to connect to arbitrary SSH servers using attacker-specified credentials. This oversight could potentially expose sensitive information and allow unauthorized actions on remote servers, emphasizing the importance of securing such plugins to prevent misuse.",Jenkins,Jenkins Publish Over Ssh Plugin,6.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-01-12T19:06:15.000Z,0
CVE-2022-23111,https://securityvulnerability.io/vulnerability/CVE-2022-23111,Cross-Site Request Forgery Vulnerability in Jenkins Publish Over SSH Plugin,"A vulnerability in the Jenkins Publish Over SSH Plugin allows malicious actors to exploit cross-site request forgery (CSRF) attacks. When successfully executed, attackers can leverage this vulnerability to connect to maliciously defined SSH servers using credentials of their choosing. This poses significant security risks, enabling unauthorized actions and data breaches within Jenkins environments.",Jenkins,Jenkins Publish Over Ssh Plugin,4.3,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2022-01-12T19:06:13.000Z,0
CVE-2022-23110,https://securityvulnerability.io/vulnerability/CVE-2022-23110,Stored XSS in Jenkins Publish Over SSH Plugin by Cloudbees,"The Jenkins Publish Over SSH Plugin up to version 1.22 contains a vulnerability due to improper escaping of the SSH server name. This flaw permits attackers with Overall/Administer permissions to exploit the vulnerability, enabling stored cross-site scripting (XSS). When exploited, malicious scripts can be injected and stored, posing a significant risk to users accessing the affected Jenkins instance. Administrators are urged to upgrade to the latest version and implement security best practices to mitigate potential risks.",Jenkins,Jenkins Publish Over Ssh Plugin,4.8,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-01-12T19:06:11.000Z,0
CVE-2022-20620,https://securityvulnerability.io/vulnerability/CVE-2022-20620,Missing Permission Checks in Jenkins SSH Agent Plugin,"The Jenkins SSH Agent Plugin versions 1.23 and earlier suffer from missing permission checks, which allows users with Overall/Read access to exploit this vulnerability. By leveraging this flaw, attackers can enumerate the IDs of credentials stored within Jenkins, potentially leading to unauthorized access and further exploitation of the system. Addressing this vulnerability is crucial for maintaining the integrity and security of Jenkins environments.",Jenkins,Jenkins Ssh Agent Plugin,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-01-12T19:05:58.000Z,0
CVE-2017-2648,https://securityvulnerability.io/vulnerability/CVE-2017-2648,,"It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks.",Jenkins,Jenkins-ssh-slaves-plugin,6.8,MEDIUM,0.0013099999632686377,false,,false,false,false,,,false,false,,2018-07-27T20:00:00.000Z,0