The plugin `publish-over-ssh` appears to be missing from the latest plugin repository (https://updates.jenkins.io/update-center.json) The same plugin was however available in the previous version.
We use that plugin for close to all jobs and thus we are in desperate need for this plugin to be added to the repository again.
Jenkins Security Advisory 2022-01-12 describes the following vulnerabilities:
- SECURITY-2287 - Stored XSS vulnerability (medium severity)
- SECURITY-2290 - CSRF vulnerability and missing permission checks (medium severity)
- SECURITY-2307 - Path traversal vulnerability (medium severity)
- SECURITY-2291 - Password stored in plain text (low severity)
Until someone adopts the plugin, fixes the issues, and releases a new version, it will remain unavailable.
Users that accept the security vulnerabilities can still download the plugin from the Jenkins artifact repository and upload it to their Jenkins installation.