Vulnerabilities > Jenkins > Publish Over SSH > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2022-01-12 | CVE-2022-23110 | Cross-site Scripting vulnerability in Jenkins Publish Over SSH | 4.8
Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.
network, low complexity, jenkins, CWE-79

2022-01-12 | CVE-2022-23111 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Publish Over SSH | 4.3
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.
network, low complexity, jenkins, CWE-352

2022-01-12 | CVE-2022-23112 | Missing Authorization vulnerability in Jenkins Publish Over SSH | 6.5
A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials.
network, low complexity, jenkins, CWE-862

2022-01-12 | CVE-2022-23113 | Path Traversal vulnerability in Jenkins Publish Over SSH | 4.3
Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files.
network, low complexity, jenkins, CWE-22