Description
A man-in-the-middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older: the plugin disables host key verification by default. The affected files are AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java, and AnsiblePlaybookStep.java.
Remediation
References
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-630