CVE-2022-25199

Summary

A missing permission check in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins SCP publisher Pluginunspecified <= 1.8affected
Jenkins projectJenkins SCP publisher Pluginnext of 1.8 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References