exploitDog

CVE-2017-2648

Опубликовано: 27 июл. 2018

Источник: nvd

CVSS3: 6.8

CVSS3: 5.6

CVSS2: 6.8

EPSS Низкий

Описание

It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks.

Ссылки

http://www.securityfocus.com/bid/96985
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2648
Issue Tracking
Third Party Advisory
https://jenkins.io/security/advisory/2017-03-20/
Vendor Advisory
http://www.securityfocus.com/bid/96985
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2648
Issue Tracking
Third Party Advisory
https://jenkins.io/security/advisory/2017-03-20/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:ssh_slaves:*:*:*:*:*:jenkins:*:*

Версия до 1.15 (исключая)

EPSS

Процентиль: 10%

0.00034

Низкий

6.8 Medium

CVSS3

5.6 Medium

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-295

CWE-295

Связанные уязвимости

GHSA-x654-4wjh-74q6

CVSS3: 5.6

github

больше 3 лет назад

Jenkins SSH Build Agents Plugin did not verify host keys

EPSS

Процентиль: 10%

0.00034

Низкий

6.8 Medium

CVSS3

5.6 Medium

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-295

CWE-295