Description
It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks.
Remediation
References
http://www.securityfocus.com/bid/96985
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2648
https://jenkins.io/security/advisory/2017-03-20/
Related Vulnerabilities
CVE-2022-38666 Vulnerability in maven package io.jenkins.plugins:cavisson-ns-nd-integration
CVE-2019-10378 Vulnerability in maven package org.jenkins-ci.plugins:testlink
CVE-2020-15119 Vulnerability in maven package org.webjars.npm:auth0-lock
CVE-2019-10760 Vulnerability in maven package org.webjars.npm:safer-eval