Vulnerability: Man-in-the-Middle Attack in Jenkins Ansible Plugin Disables Host Key Verification
CVE-2018-1000149 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java, AnsiblePlaybookStep.java that disables host key verification by default.
Learn more about our Web Application Penetration Testing UK.