CVE-2022-20620

Exposure of Resource to Wrong Sphere in maven/org.jenkins-ci.plugins/ssh-agent

Identifiers

CVE-2022-20620

Package Slug

maven/org.jenkins-ci.plugins/ssh-agent

Vulnerability

Exposure of Resource to Wrong Sphere

Description

Missing permission checks in Jenkins SSH Agent Plugin allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.

Affected Versions

All versions up to 1.23

Solution

Upgrade to version 1.24 or above.

Last Modified

2022-01-19

source