CVE-2018-1000149

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1000149

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000149.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1000149

Aliases

GHSA-322x-jv5h-cvjh

Published

2018-04-05T13:29:00Z

Modified

2024-09-03T02:01:19.503906Z

Severity

5.6 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java, AnsiblePlaybookStep.java that disables host key verification by default.

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY-630

Affected packages

Git / github.com/jenkinsci/ansible-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/ansible-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

15b3016aa0a3ad63c36f9bb6da3905e530e6d7d0

Affected versions

ansible-0.*

ansible-0.1

ansible-0.2

ansible-0.3

ansible-0.3.1

ansible-0.4

ansible-0.5

ansible-0.6

ansible-0.6.1

ansible-0.6.2

ansible-0.7

ansible-0.8