Critical severity9.8NVD Advisory· Published Nov 1, 2017· Updated May 13, 2026

CVE-2017-1000245

Description

The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.jvnet.hudson.plugins:sshMaven	<= 2.3	—
org.jenkins-ci.plugins:sshMaven	< 2.5	2.5

Affected products

Jenkins/SSH
cpe:2.3:a:jenkins:ssh:*:*:*:*:*:jenkins:*:*
Range: <=2.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-5gmf-8gh2-hhfpghsaADVISORY
jenkins.io/security/advisory/2017-07-10/nvdThird Party Advisory
nvd.nist.gov/vuln/detail/CVE-2017-1000245ghsaADVISORY
jenkins.io/security/advisory/2017-07-10ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000