CVE-2022-36881
published 2022-07-27CVE-2022-36881: Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle…
high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | android_signing_plugin | — | — |
| jenkins | bmc_ami_devx_code_debug_code_coverage_plugin | — | — |
| jenkins | bmc_ami_devx_code_pipeline_operations_plugin | — | — |
| jenkins | buckminster_plugin | — | — |
| jenkins | clif_performance_testing_plugin | — | — |
| jenkins | code_pipeline_plugin | — | — |
| jenkins | compuware_topaz_utilities_plugin | — | — |
| jenkins | coverity_plugin | — | — |
| jenkins | deployer_framework_plugin | — | — |
| jenkins | dynamic_extended_choice_parameter_plugin | — | — |
| jenkins | external_monitor_job_type_plugin | — | — |
| jenkins | files_found_trigger_plugin | — | — |
| jenkins | for_more_information_see_the_plugin | — | — |
| jenkins | git_client | <= 3.11.0 | — |
| jenkins | git_client_plugin | — | — |
| jenkins | git_plugin | — | — |
| jenkins | github_plugin | — | — |
| jenkins | google_cloud_backup_plugin | — | — |
| jenkins | hashicorp_vault_plugin | — | — |
| jenkins | http_request_plugin | — | — |
| jenkins | jenkins_ci_server_plugin | — | — |
| jenkins | job_configuration_history_plugin | — | — |
| jenkins | lack_of_authentication_mechanism_in_git_plugin | — | — |
| jenkins | lucene-search_plugin | — | — |
| jenkins | maven_metadata_plugin | — | — |