CVE-2022-30959: 
Java vulnerability analysis and mitigation

A missing permission check vulnerability (CVE-2022-30959) was discovered in Jenkins SSH Plugin version 2.6.1 and earlier. The vulnerability was disclosed on May 17, 2022, as part of the Jenkins Security Advisory. This security issue affects the SSH Plugin, which is a component used for SSH connections in Jenkins installations (Jenkins Advisory).

The vulnerability stems from the SSH Plugin's failure to perform proper permission checks in an HTTP endpoint. The severity of this vulnerability is rated as High according to CVSS scoring system. The issue is tracked under the security identifier SECURITY-2093 and is specifically related to permission check mechanisms in the plugin (Jenkins Advisory).

When exploited, this vulnerability allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, potentially leading to the capture of credentials stored in Jenkins (Jenkins Advisory).

As of the advisory's publication date, no official fix was available for this vulnerability in the SSH Plugin 2.6.1. Users are advised to monitor for updates and implement additional access controls to restrict Overall/Read permissions where possible (Jenkins Advisory).