An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log.
Threat-Mapped Scoring
Score: 3.0
Priority: P2 - Serious (High)
S1 – Steal Customer Account Information
EPSS
Score: 0.00204
Percentile: 0.42829
CVSS Scoring
CVSS v3.0 Score: 6.5
Severity: MEDIUM
Mapped CWE(s)
CWE-532: Insertion of Sensitive Information into Log File