GitHub Advisory DatabaseGHSA-884C-9WWH-9P6VCSRF vulnerability and missing permission checks in Jenkins Publish Over SSH Plugin
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
0.002 Low
EPSS
Percentile
53.1%
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.jenkins-ci.plugins:publish-over-ssh | lt | 1.23 |
References
www.openwall.com/lists/oss-security/2022/01/12/6
github.com/advisories/GHSA-884c-9wwh-9p6v
github.com/jenkinsci/publish-over-ssh-plugin/commit/21bf41adbce9e71d3f77e113e29bf81d437cadc3
github.com/jenkinsci/publish-over-ssh-plugin/releases/tag/publish-over-ssh-1.23
nvd.nist.gov/vuln/detail/CVE-2022-23111
www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
0.002 Low
EPSS
Percentile
53.1%