CVE-2018-1000149 — Jenkins Ansible vulnerability

5 documents, 5 sources
Severity: 5.6 MEDIUM (NVD)
EPSS: 0.1% (top 77.63%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Apr 5
Latest update: May 13

Description

A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java, AnsiblePlaybookStep.java that disables host key verification by default.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 2.2 | Impact: 3.4

Affected Packages (1 package)

NVD: jenkins/ansible 0.8

Vulnerability Details (3)

OSV: Jenkins Ansible Plugin man in the middle vulnerability (2022-05-13)
GHSA: Jenkins Ansible Plugin man in the middle vulnerability (2022-05-13)
CVEList: CVE-2018-1000149: A man in the middle vulnerability exists in Jenkins Ansible Plugin 0 (2018-04-05)

Vendor Advisories (1)

Jenkins: Jenkins Security Advisory 2018-03-26 (2018-03-26)
CVE-2018-1000149 — Jenkins Ansible vulnerability | cvebase