CVE-2022-20620

Summary

Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins SSH Agent Pluginunspecified <= 1.23affected
Jenkins projectJenkins SSH Agent Plugin1.22.1unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References