CVE-2017-1000245

CRITICAL

SSH Plugin - Info Disclosure

Title source: llm

Description

The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.

References (1)

[Third Party Advisory] https://jenkins.io/security/advisory/2017-07-10/

Scores

CVSS v3 9.8

EPSS 0.0006

EPSS Percentile 19.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status draft

Affected Products (3)

jenkins/ssh < 2.4

org.jvnet.hudson.plugins/ssh Maven

org.jenkins-ci.plugins/ssh < 2.5Maven

Timeline

Published Nov 01, 2017

Tracked Since Feb 18, 2026