Insufficient Access Control in Jenkins SCP Publisher Plugin Affects Remote Server Connections
CVE-2022-25199

8.8HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins Scp Publisher Plugin
Vendor: CVE Published:; 15 February 2022

Summary

A flaw in the Jenkins SCP Publisher Plugin permits unauthorized users with Overall/Read permissions to connect to any SSH server, using arbitrary credentials specified by the attacker. This vulnerability poses significant risks, as it allows attackers to exploit the connection for malicious purposes, potentially compromising sensitive information and system integrity.

Affected Version(s)

Jenkins SCP publisher Plugin <= 1.8

References

https://www.jenkins.io/security/advisory/2022-02-15/#SECU...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 15, 2022
Vulnerability Reserved
Feb 15, 2022