CVE-2017-2648

6.8MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins-ssh-slaves-plugin
Vendor: CVE Published:; 27 July 2018

Summary

It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks.

Affected Version(s)

jenkins-ssh-slaves-plugin 1.15

References

http://www.securityfocus.com/bid/96985

vdb-entryx_refsource_BID

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2648

x_refsource_CONFIRM

https://jenkins.io/security/advisory/2017-03-20/

x_refsource_CONFIRM

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 27, 2018
Vulnerability Reserved
Dec 1, 2016

.