SSH Agent Plugin up to 1.23 on Jenkins authorization

A vulnerability was found in SSH Agent Plugin up to 1.23 on Jenkins (SSH Server Software). It has been declared as problematic. The vulnerability affects an unknown functionality. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

| Field | 01/13/2022 07:25 AM | 01/15/2022 02:33 PM |
|---|---|---|
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | X | X |
| cvss2_vuldb_basescore | 2.3 | 2.3 |
| cvss2_vuldb_tempscore | 2.3 | 2.3 |
| cvss3_vuldb_basescore | 3.5 | 3.5 |
| cvss3_vuldb_tempscore | 3.5 | 3.5 |
| cvss3_meta_basescore | 3.5 | 3.5 |
| cvss3_meta_tempscore | 3.5 | 3.5 |
| price_0day | $0-$5k | $0-$5k |
| name | SSH Agent Plugin | SSH Agent Plugin |
| version | <=1.23 | <=1.23 |
| platform | Jenkins | Jenkins |
| cwe | 862 (privilege escalation) | 862 (privilege escalation) |
| risk | 2 | 2 |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | N | N |
| cvss3_vuldb_a | N | N |
| cvss3_vuldb_rc | C | C |
| url | https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2189 | https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2189 |
| cve | CVE-2022-20620 | CVE-2022-20620 |
| cve_assigned | 1635372000 | 1635372000 |
| date | 1642028400 (01/13/2022) | 1642028400 (01/13/2022) |
| type | SSH Server Software | SSH Server Software |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | N | N |
| cvss2_vuldb_ai | N | N |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_av | A | A |
| cvss2_vuldb_ac | M | M |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | ND | ND |
| cvss3_vuldb_av | A | A |

confirm_url: https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2189

cve_nvd_summary: Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.
