CVE-2018-1999036
First published: Wed Aug 01 2018(Updated: )
An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.jenkins-ci.plugins:ssh-agent | <=1.15 | 1.16 |
| Jenkins SSH Agent | <=1.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-1999036?
CVE-2018-1999036 is classified as a moderate severity vulnerability.
How do I fix CVE-2018-1999036?
To fix CVE-2018-1999036, upgrade the Jenkins SSH Agent Plugin to version 1.16 or later.
What is impacted by CVE-2018-1999036?
CVE-2018-1999036 affects the Jenkins SSH Agent Plugin versions 1.15 and earlier.
What type of information is exposed in CVE-2018-1999036?
CVE-2018-1999036 exposes the SSH private key password in the build log to unauthorized users.
Who is vulnerable to CVE-2018-1999036?
Users with permission to read the Jenkins build log are vulnerable to CVE-2018-1999036.
- collector/github-advisory-latest
- alias/GHSA-wwgx-94v6-fc2p
- alias/CVE-2018-1999036
- collector/github-advisory
- agent/type
- agent/author
- agent/softwarecombine
- agent/severity
- agent/references
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- package-manager/maven
- vendor/jenkins
- canonical/jenkins ssh agent
- version/jenkins ssh agent/1.15