Jenkins Git client plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks. Git client Plugin 3.11.1 provides strategies for performing host key verification for administrators to select the one that meets their security needs. For more information see the plugin documentation.
{ "nvd_published_at": "2022-07-27T15:15:00Z", "cwe_ids": [ "CWE-295", "CWE-322" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-08-10T17:39:44Z" }