PT-2025-15974 · Unknown+1 · Jenkins/Ssh-Slave+1
Abhishek Reddypalle
·
Published
2025-04-10
·
Updated
2025-04-14
·
CVE-2025-32755
CVSS v3.1
9.4
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
Jenkins/ssh-slave Docker images based on Debian (affected versions not specified)
Description:
The issue arises from SSH host keys being generated on image creation for Jenkins/ssh-slave Docker images based on Debian. This results in all containers based on images of the same version using the same SSH host keys. An attacker who can insert themselves into the network path between the SSH client, typically the Jenkins controller, and the SSH build agent, can impersonate the latter.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Jenkins/Ssh-Slave