Description
A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java, AnsiblePlaybookStep.java that disables host key verification by default.
Remediation
References
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-630
Related Vulnerabilities
CVE-2023-44483 Vulnerability in maven package org.apache.santuario:xmlsec
CVE-2019-10343 Vulnerability in maven package io.jenkins:configuration-as-code
CVE-2020-13941 Vulnerability in maven package org.apache.solr:solr-core
CVE-2023-27898 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-24432 Vulnerability in maven package io.jenkins.plugins:macstadium-orka