PT-2018-7156 · Jenkins · Jenkins-Ssh-Slaves-Plugin+1

Tim Otten

·

Published

2018-07-27

·

Updated

2022-05-13

·

CVE-2017-2648

CVSS v2.0

6.8

Medium

VectorAV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: jenkins-ssh-slaves-plugin versions prior to 1.15
Description: The issue allows for Man-in-the-Middle attacks due to the lack of host key verification.
Recommendations: For versions prior to 1.15, update to version 1.15 or later to resolve the issue.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2017-2648
GHSA-X654-4WJH-74Q6

Affected Products

Jenkins
Jenkins-Ssh-Slaves-Plugin