Advisories for Maven/Fr.edf.jenkins.plugins/Mac package

A missing permission check in Jenkins Mac Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials.

Jenkins Mac Plugin does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.

A cross-site request forgery vulnerability in Jenkins Mac Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.