Description
It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks.
Remediation
References
http://www.securityfocus.com/bid/96985
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2648
https://jenkins.io/security/advisory/2017-03-20/
Related Vulnerabilities
CVE-2022-29244 Vulnerability in npm package npm
CVE-2016-10600 Vulnerability in npm package webrtc-native
CVE-2019-9153 Vulnerability in maven package org.webjars.npm:openpgp
CVE-2020-1945 Vulnerability in maven package org.apache.ant:ant
CVE-2022-31159 Vulnerability in maven package com.amazonaws:aws-java-sdk-s3