Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2020-2146

UNKNOWN
Published 2020-03-09T15:01:01
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2020-2146. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Jenkins project

Jenkins Mac Plugin

Affected Versions:

unspecified

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Missing SSH host key validation in Mac Plugin

GHSA-rv9g-67f7-grq7

Advisory Details

Mac Plugin 1.1.0 and earlier does not use SSH host key validation when connecting to Mac Cloud host launched by the plugin. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to build agents. Mac Plugin 1.2.0 validates SSH host keys when connecting to agents.

Affected Packages

Maven fr.edf.jenkins.plugins:mac
ECOSYSTEM: ≥0 <1.2.0

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-2146
WEB https://github.com/jenkinsci/mac-plugin/commit/ba1a8206c7ef990d37498e5abdf210990ef046b5
PACKAGE https://github.com/jenkinsci/mac-plugin
WEB https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1692
WEB http://www.openwall.com/lists/oss-security/2020/03/09/1

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: January 14, 2023

References

https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1692
http://www.openwall.com/lists/oss-security/2020/03/09/1
Published: 2020-03-09T15:01:01
Last Modified: 2024-08-04T07:01:41.083Z
Copied to clipboard!