Description
A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java, AnsiblePlaybookStep.java that disables host key verification by default.
Remediation
References
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-630
Related Vulnerabilities
CVE-2022-38666 Vulnerability in maven package io.jenkins.plugins:cavisson-ns-nd-integration
CVE-2021-25641 Vulnerability in maven package org.apache.dubbo:dubbo
CVE-2023-46998 Vulnerability in maven package org.webjars.bower:bootbox
CVE-2022-36898 Vulnerability in maven package com.compuware.jenkins:compuware-ispw-operations
CVE-2022-25209 Vulnerability in maven package org.jenkins-ci.plugins:sinatra-chef-builder