Cross-Site Request Forgery in Jenkins SSH Plugin Affects Multiple Versions
CVE-2022-30958

8.8HIGH

Key Information:

Vendor
Jenkins
Status
Jenkins Ssh Plugin
Vendor
CVE Published:
17 May 2022

Summary

The Jenkins SSH Plugin has a vulnerability that allows an attacker to exploit cross-site request forgery, potentially enabling unauthorized access. By manipulating the user's request, the attacker can specify an SSH server and use stolen credential IDs, which may have been captured through other means. This vulnerability primarily affects users who have not implemented adequate security measures, putting sensitive SSH credentials at risk.

Affected Version(s)

Jenkins SSH Plugin <= 2.6.1

References

https://www.jenkins.io/security/advisory/2022-05-17/#SECU...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.