GHSA-x654-4wjh-74q6, CVE-2017-2648
maven/org.jenkins-ci.plugins/ssh-slaves
Improper Certificate Validation
It was found that jenkins-ssh-slaves-plugin before version 1.15 does not perform host key verification, thereby enabling Man-in-the-Middle attacks.
All versions before 1.15
Upgrade to version 1.15 or above.
2024-01-31
source |