PT-2020-15399 · Jenkins · Jenkins Amazon EC2 Plugin
Raihaan Shouhell · Published 2020-05-06 · Updated 2023-10-25 · CVE-2020-2185
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Jenkins Amazon EC2 Plugin versions 1.50.1 and earlier
Description
The plugin does not validate SSH host keys when connecting to agents, which could enable man-in-the-middle attacks that intercept connections to build agents. This could potentially allow unauthorized access or manipulation of data.
Recommendations
For Jenkins Amazon EC2 Plugin versions 1.50.1 and earlier, update to version 1.50.2 or later, which provides strategies for performing host key validation and assistance for migrating to a more secure strategy.
Affected Products
Jenkins
Jenkins Amazon EC2 Plugin