Exposure of Resource to Wrong Sphere
Missing permission checks in Jenkins SSH Agent Plugin allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.
Advisories for Maven/Org.jenkins-Ci.plugins/Ssh-Agent package
2022
2018
Inclusion of Sensitive Information in Log Files
An exposure of sensitive information vulnerability exists in the Jenkins SSH Agent Plugin in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log.