GHSA-cwcf-5m5w-mq2w

Published: 14 May 2022
Source: github
Github: Reviewed
CVSS3: 6.5

Description

Exposure of Sensitive Information to an Unauthorized Actor in Jenkins SSH Credentials Plugin

An arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system.

Packages

Name: org.jenkins-ci.plugins:ssh-credentials
Ecosystem: maven
Affected versions: <= 1.13
Fixed version: 1.14

Name: org.jenkins-ci.plugins:credentials
Ecosystem: maven
Affected versions: < 2.1.17
Fixed version: 2.1.17

EPSS: 0.00316 (Low)
Percentile: 54%

CVSS3: 6.5 Medium

Weaknesses

CWE-200

Related vulnerabilities

CVSS3: 6.5
redhat
more than 7 years ago

An arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system.

CVSS3: 6.5
nvd
more than 7 years ago

An arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system.
