Moderate severityNVD Advisory· Published Jun 26, 2018· Updated Sep 16, 2024
CVE-2018-1000601
CVE-2018-1000601
Description
A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:ssh-credentialsMaven | < 1.14 | 1.14 |
org.jenkins-ci.plugins:credentialsMaven | < 2.1.17 | 2.1.17 |
Affected products
2- ghsa-coords2 versions
< 2.1.17+ 1 more
- (no CPE)range: < 2.1.17
- (no CPE)range: < 1.14
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- github.com/advisories/GHSA-cwcf-5m5w-mq2wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-1000601ghsaADVISORY
- github.com/jenkinsci/credentials-plugin/commit/23fbd6de33cc3cb74eafd44e7b27dd87b52c8904ghsaWEB
- github.com/jenkinsci/ssh-credentials-plugin/commit/18b3121fa94a174064447d637dc11539e33b3a76ghsaWEB
- github.com/jenkinsci/ssh-credentials-plugin/commits/ssh-credentials-1.14ghsaWEB
- jenkins.io/security/advisory/2018-06-25/ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.