Description
Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.
Remediation
References
https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1468
http://www.openwall.com/lists/oss-security/2022/07/27/1
Related Vulnerabilities
CVE-2023-26144 Vulnerability in npm package graphql
CVE-2018-1999007 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-30524 Vulnerability in maven package org.jenkins-ci.plugins:reportportal
CVE-2021-41182 Vulnerability in maven package org.webjars.npm:jquery-ui
CVE-2022-4565 Vulnerability in maven package cn.hutool:hutool-core