Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-67590

publish-over-ssh plugin removed from update center


    • Publish Over SSH 1.24

      The plugin `publish-over-ssh` appears to be missing from the latest plugin repository (https://updates.jenkins.io/update-center.json) The same plugin was however available in the previous version.

      We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.

      Plugin removed from update center until security issues are resolved

      Jenkins Security Advisory 2022-01-12 describes the following vulnerabilities:

      • SECURITY-2287 - Stored XSS vulnerability (medium severity)
      • SECURITY-2290 - CSRF vulnerability and missing permission checks (medium severity)
      • SECURITY-2307 - Path traversal vulnerability (medium severity)
      • SECURITY-2291 - Password stored in plain text (low severity)

      Until someone adopts the plugin, fixes the issues, and releases a new version, it will remain unavailable.

      Users that accept the security vulnerabilities can still download the plugin from the Jenkins artifact repository and upload it to their Jenkins installation.

            Unassigned Unassigned
            blueicarus Martijn
            4 Vote for this issue
            9 Start watching this issue