Description
Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.
Remediation
References
https://pivotal.io/security/cve-2018-11087
Related Vulnerabilities
CVE-2020-1945 Vulnerability in maven package org.apache.ant:ant
CVE-2020-28052 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on
CVE-2023-34602 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base-core
CVE-2018-1999001 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-28670 Vulnerability in maven package com.paul8620.jenkins.plugins:pipeline-aggregator-view