CVE-2020-2146: Improper Verification of Cryptographic Signature

March 9, 2020

Jenkins Mac Plugin does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.

References

jenkins.io/security/advisory/2020-03-09/
nvd.nist.gov/vuln/detail/CVE-2020-2146

Detect and mitigate CVE-2020-2146 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →