Описание
Jenkins SSH Build Agents Plugin did not verify host keys
It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks.
Пакеты
Наименование
org.jenkins-ci.plugins:ssh-slaves
maven
Затронутые версииВерсия исправления
< 1.15
1.15
Связанные уязвимости
CVSS3: 6.8
nvd
больше 7 лет назад
It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks.