PT-2025-15974 · Unknown+1 · Jenkins/Ssh-Slave+1
Abhishek Reddypalle
·
Publicado
2025-04-10
·
Atualizado
2025-04-14
·
CVE-2025-32755
CVSS v3.1
9.4
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
Jenkins/ssh-slave Docker images based on Debian (affected versions not specified)
Description:
The issue arises from SSH host keys being generated on image creation for Jenkins/ssh-slave Docker images based on Debian. This results in all containers based on images of the same version using the same SSH host keys. An attacker who can insert themselves into the network path between the SSH client, typically the Jenkins controller, and the SSH build agent, can impersonate the latter.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Debian
Jenkins/Ssh-Slave