CVE-2017-1000245
CRITICALJenkins SSH Plugin < 2.4 - Insufficiently Protected Credentials
Title source: llmDescription
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2017-07-10/
Scores
CVSS v3
9.8
EPSS
0.0006
EPSS Percentile
19.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-522
Status
published
Products (3)
jenkins/ssh
< 2.4
org.jenkins-ci.plugins/ssh
0 - 2.5Maven
org.jvnet.hudson.plugins/ssh
0Maven
Published
Nov 01, 2017
Tracked Since
Feb 18, 2026