1 results (0.004 seconds)

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks. Se ha encontrado que jenkins-ssh-slaves-plugin en versiones anteriores a la 1.15 no realizaba la verificación de la clave del host, permitiendo así ataques Man-in-the-Middle (MitM). • http://www.securityfocus.com/bid/96985 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2648 https://jenkins.io/security/advisory/2017-03-20 • CWE-295: Improper Certificate Validation •