Description
A man-in-the-middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older: the plugin disables host key verification by default. The affected files are AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java and AnsiblePlaybookStep.java.
Remediation
References
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-630