Description
A man-in-the-middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older: the plugin disables host key verification by default. The affected files are AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java and AnsiblePlaybookStep.java.
Remediation
References
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-630
Related Vulnerabilities
CVE-2020-17523 Vulnerability in maven package org.apache.shiro:shiro-web
CVE-2019-3795 Vulnerability in maven package org.springframework.security:spring-security-core
CVE-2023-50723 Vulnerability in maven package org.xwiki.platform:xwiki-platform-administration-ui
CVE-2023-34238 Vulnerability in npm package gatsby-plugin-mdx
CVE-2023-50769 Vulnerability in maven package org.sonatype.nexus.ci:nexus-jenkins-plugin