Description
Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.
Remediation
References
https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1692
http://www.openwall.com/lists/oss-security/2020/03/09/1
Related Vulnerabilities
CVE-2022-29166 Vulnerability in npm package matrix-org-irc
CVE-2021-21351 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2015-6524 Vulnerability in maven package org.apache.activemq:activemq-jaas
CVE-2021-29459 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web