Lucene search
GoogleOSV:GHSA-884C-9WWH-9P6VHistoryJan 13, 2022 - 12:00 a.m.
CSRF vulnerability and missing permission checks in Jenkins Publish Over SSH Plugin
2022-01-1300:00:53
Google
osv.dev
7
0.002 Low
EPSS
Percentile
53.1%
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.
References
www.openwall.com/lists/oss-security/2022/01/12/6
github.com/jenkinsci/publish-over-ssh-plugin
github.com/jenkinsci/publish-over-ssh-plugin/commit/21bf41adbce9e71d3f77e113e29bf81d437cadc3
github.com/jenkinsci/publish-over-ssh-plugin/releases/tag/publish-over-ssh-1.23
nvd.nist.gov/vuln/detail/CVE-2022-23111
www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2290
Related
github
github
cvelist
cvelist
CVE-2022-23111
2022-01-12 19:06:13
cnvd
cnvd
Jenkins Publish Over SSH Plugin Cross-Site Request Forgery Vulnerability
2022-01-16 00:00:00
cve
cve
CVE-2022-23111
2022-01-12 20:15:09
prion
prion
Cross site request forgery (csrf)
2022-01-12 20:15:00
nvd
nvd
CVE-2022-23111
2022-01-12 20:15:09
osv
osv
CVE-2022-23111
2022-01-12 20:15:09
nessus
nessus
Jenkins Enterprise and Operations Center < 2.277.43.0.5 / 2.319.2.5 Multiple Vulnerabilities (CloudBees Security Advisory 2022-01-12)
2022-02-15 00:00:00
Jenkins LTS < 2.319.2 / Jenkins weekly < 2.330 Multiple Vulnerabilities
2022-01-21 00:00:00
Jenkins plugins Multiple Vulnerabilities (2022-01-12)
2022-01-21 00:00:00