[MAVEN:GHSA-J54R-W587-95Q7] Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation
- Severity: Moderate
- Affected Packages: 1
- Fixed Packages: 1
- CVEs: 1
Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not perform SSH host key validation when connecting to OCI clouds.
This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to OCI clouds.
Oracle Cloud Infrastructure Compute Plugin 1.0.17 provides several host key validation strategies, so administrators can select the one that meets their security needs.
Package | Affected Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/oracle-cloud-infrastructure-compute | < 1.0.17 |
Package | Fixed Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/oracle-cloud-infrastructure-compute | = 1.0.17 |
- ID: MAVEN:GHSA-J54R-W587-95Q7
- Severity: moderate
- URL: https://github.com/advisories/GHSA-j54r-w587-95q7
- Published: 2023-07-12T18:30:38 (14 months ago)
- Modified: 2023-11-08T05:04:33 (10 months ago)
- Rights: Maven Security Team
- Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.jenkins-ci.plugins/oracle-cloud-infrastructure-compute | org.jenkins-ci.plugins | oracle-cloud-infrastructure-compute | < 1.0.17 | | | |
Fixed | pkg:maven/org.jenkins-ci.plugins/oracle-cloud-infrastructure-compute | org.jenkins-ci.plugins | oracle-cloud-infrastructure-compute | = 1.0.17 | | | |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Publication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|