Key Exchange without Entity Authentication
Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.
Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc does not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.
Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure