CVE-2022-36881
jenkins-plugin: Man-in-the-Middle (MitM) in org.jenkins-ci.plugins:git-client
Severity Score
8.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.
Jenkins Git client Plugin versiones 3.11.0 y anteriores, no lleva a cabo la verificación de la clave del host SSH cuando es conectado a repositorios Git por medio de SSH, lo que permite realizar ataques de tipo man-in-the-middle
A flaw was found in the Git-Client Jenkins plugin. The affected versions of the Jenkins Git client Plugin do not perform SSH host key verification when connecting to Git repositories via SSH, enabling Man-in-the-middle attacks.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-07-27 CVE Reserved
- 2022-07-27 CVE Published
- 2024-02-17 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-295: Improper Certificate Validation
- CWE-322: Key Exchange without Entity Authentication
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2022/07/27/1 | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1468 | 2023-11-22 | |
https://access.redhat.com/security/cve/CVE-2022-36881 | 2023-01-12 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2114755 | 2023-01-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Jenkins Search vendor "Jenkins" | Git Client Search vendor "Jenkins" for product "Git Client" | <= 3.11.0 Search vendor "Jenkins" for product "Git Client" and version " <= 3.11.0" | jenkins |
Affected
|