Vulnerability: Man-in-the-Middle Attack in Jenkins Ansible Plugin Disables Host Key Verification

Vulnerability: Man-in-the-Middle Attack in Jenkins Ansible Plugin Disables Host Key Verification

CVE-2018-1000149 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java, AnsiblePlaybookStep.java that disables host key verification by default.

Learn more about our Web Application Penetration Testing UK.