CVE-2017-2648
Improper Certificate Validation in maven/org.jenkins-ci.plugins/ssh-slaves
Identifiers
GHSA-x654-4wjh-74q6, CVE-2017-2648
Package Slug
maven/org.jenkins-ci.plugins/ssh-slaves
Vulnerability
Improper Certificate Validation
Description
It was found that jenkins-ssh-slaves-plugin before version 1.15 does not perform host key verification, thereby enabling Man-in-the-Middle attacks.
Affected Versions
All versions before 1.15
Solution
Upgrade to version 1.15 or above.
Last Modified
2024-01-31
| source |