CVE-2022-23112

2022-01-1220:15:09

Google

osv.dev

0.001 Low

EPSS

Percentile

22.0%

JSON

A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials.

CPENameOperatorVersion
publish-over-ssh-plugineqpublish-over-ssh-0.8
publish-over-ssh-plugineqpublish-over-ssh-1.18
publish-over-ssh-plugineqpublish-over-ssh-1.14
publish-over-ssh-plugineqpublish-over-ssh-1.19
publish-over-ssh-plugineqpublish-over-ssh-0.12
publish-over-ssh-plugineqpublish-over-ssh-0.13
publish-over-ssh-plugineqpublish-over-ssh-1.3
publish-over-ssh-plugineqpublish-over-ssh-1.5
publish-over-ssh-plugineqpublish-over-ssh-0.6
publish-over-ssh-plugineqpublish-over-ssh-0.9

Name	Operator	Version
publish-over-ssh-plugin	eq	publish-over-ssh-0.8
publish-over-ssh-plugin	eq	publish-over-ssh-1.18
publish-over-ssh-plugin	eq	publish-over-ssh-1.14
publish-over-ssh-plugin	eq	publish-over-ssh-1.19
publish-over-ssh-plugin	eq	publish-over-ssh-0.12
publish-over-ssh-plugin	eq	publish-over-ssh-0.13
publish-over-ssh-plugin	eq	publish-over-ssh-1.3
publish-over-ssh-plugin	eq	publish-over-ssh-1.5
publish-over-ssh-plugin	eq	publish-over-ssh-0.6
publish-over-ssh-plugin	eq	publish-over-ssh-0.9