Description
A man-in-the-middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older: the code in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java, and AnsiblePlaybookStep.java disables host key verification by default.
Remediation
References
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-630