Man-in-the-Middle Vulnerability in Jenkins SSH Slaves Plugin by CloudBees
CVE-2017-2648

6.8MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins-ssh-slaves-plugin
Vendor: CVE Published:; 27 July 2018

Summary

The Jenkins SSH Slaves Plugin prior to version 1.15 lacks proper host key verification during SSH connections. This oversight allows attackers to execute Man-in-the-Middle attacks, potentially compromising sensitive data exchanged between the server and a connected slave. Ensuring host key verification is critical for maintaining the integrity and confidentiality of data transmissions in Jenkins environments.