Description
A man-in-the-middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older: the code in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java, AnsiblePlaybookStep.java, and AnsiblePlaybookStep.java disables SSH host key verification by default, so the plugin does not authenticate the hosts it connects to.
Remediation
References
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-630