Jenkins Ssh vulnerabilities

CVE-2022-30958 [HIGH] CWE-352 CVE-2022-30958: A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows att A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2022-30959 [MEDIUM] CWE-862 CVE-2022-30959: A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Rea A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2022-30957 [MEDIUM] CWE-862 CVE-2022-30957: A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Rea A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CVE-2017-1000245 [CRITICAL] CWE-522 CVE-2017-1000245: The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. Us The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.