CVE-2022-36881

High

Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH,…

jenkins·CWE-295·Published 2022-07-27

CVSS

8.1

EPSS

0.01

KEV

Exploits

cve.orgen

168 chars

Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.

NVDen

168 chars

Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.

Jenkins Git client plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks. Git client Plugin 3.11.1 provides strategies for performing host key verification for administrators to select the one that meets their security needs. For more information see [the plugin documentation](https://github.com/jenkinsci/git-client-plugin#ssh-host-key-verification).

GHSAen

447 chars

NVDes

228 chars

Jenkins Git client Plugin versiones 3.11.0 y anteriores, no lleva a cabo la verificación de la clave del host SSH cuando es conectado a repositorios Git por medio de SSH, lo que permite realizar ataques de tipo man-in-the-middle

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	GHSA	4.8	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N