GHSA-cm7j-p8hc-97vj

Source
https://github.com/advisories/GHSA-cm7j-p8hc-97vj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-cm7j-p8hc-97vj/GHSA-cm7j-p8hc-97vj.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-cm7j-p8hc-97vj
Aliases
Published
2022-07-28T00:00:43Z
Modified
2024-02-16T08:16:03.090833Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
Jenkins Git client plugin 3.11.0 does not perform SSH host key verification
Details

Jenkins Git client plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks. Git client plugin 3.11.1 provides several host key verification strategies, from which administrators select the one that meets their security needs. For more information see the plugin documentation.

References

Affected packages

Maven / org.jenkins-ci.plugins:git-client

Package

Name
org.jenkins-ci.plugins:git-client
Purl
pkg:maven/org.jenkins-ci.plugins/git-client

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3.11.1

Affected versions

1.*

1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.1
1.1.1
1.1.2
1.2.0
1.3.0
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.5.0
1.5.1
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.6.6
1.7.0
1.8.0
1.8.1
1.9.0
1.9.1
1.9.2
1.10.0
1.10.1
1.10.2
1.11.0
1.11.1
1.12.0
1.13.0
1.14.0
1.14.1
1.15.0
1.16.1
1.17.0
1.17.1
1.18.0
1.19.0
1.19.1
1.19.2
1.19.3
1.19.4
1.19.5
1.19.6
1.19.7
1.20.0-beta1
1.20.0-beta2
1.20.0-beta3
1.20.2
1.21.0

2.*

2.0.0-beta1
2.0.0-beta2
2.0.0-beta3
2.0.0-beta4
2.0.0
2.1.0
2.2.0
2.2.1
2.3.0
2.4.0
2.4.1
2.4.2
2.4.4
2.4.5
2.4.6
2.5.0
2.6.0
2.7.0
2.7.1
2.7.2
2.7.3
2.7.3.1
2.7.4
2.7.4.1
2.7.5
2.7.6
2.7.7
2.7.7.1
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
2.8.6
2.9.0

3.*

3.0.0-beta1
3.0.0-beta2
3.0.0-beta3
3.0.0-beta4
3.0.0-beta5
3.0.0-beta6
3.0.0-beta7
3.0.0-beta8
3.0.0-beta9
3.0.0-beta10
3.0.0-beta11
3.0.0-beta12
3.0.0-rc
3.0.0
3.1.0-beta
3.1.0
3.1.1
3.2.0
3.2.1
3.3.0
3.3.1
3.3.2
3.4.0
3.4.1
3.4.2
3.5.0
3.5.1
3.6.0
3.7.0
3.7.1
3.7.2
3.8.0
3.9.0
3.10.0
3.10.0.1
3.10.0.2
3.10.1
3.11.0

Database specific

{
    "last_known_affected_version_range": "<= 3.11.0"
}