Approved changes feed: RSS · Atom
cpe:2.3:a:jenkins:ssh-agent:*:*:*:*:*:docker:*:*
part: a version: * update: *
| Vendor | Jenkins (d708d718-2e77-5ca3-ae9c-38ee4d256744) |
|---|---|
| Product | Ssh Agent (657d068e-1615-58d9-ad20-22bf0f44afe2) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | docker |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/jenkinsci/ssh-agents-plugin |
purl2cpe | 2026-06-01 10:14:16.796068 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-32754 |
vulnerable | 2026-06-03 15:00:42.011178 |
Details available
In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter.
Published: 2025-04-10T11:20:29.928Z
Updated: 2025-04-10T13:21:34.648Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.