Medium severity6.5NVD Advisory· Published Aug 1, 2018· Updated Jun 17, 2026
CVE-2018-1999036
CVE-2018-1999036
Description
An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:ssh-agentMaven | < 1.16 | 1.16 |
Affected products
1Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-wwgx-94v6-fc2pghsaADVISORY
- jenkins.io/security/advisory/2018-07-30/nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-1999036ghsaADVISORY
- github.com/jenkinsci/ssh-agent-plugin/commit/3a8abe1889d25f9a73cdba202cf27212b273de4dghsaWEB
News mentions
0No linked articles in our index yet.