Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

GHSA-j54r-w587-95q7

GitHub Security Advisory

Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not perform SSH host key validation when connecting to OCI clouds.

This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to OCI clouds.

Oracle Cloud Infrastructure Compute Plugin 1.0.17 provides strategies for performing host key validation for administrators to select the one that meets their security needs.

Affected Packages

Maven org.jenkins-ci.plugins:oracle-cloud-infrastructure-compute

Affected versions: 0 (fixed in 1.0.17)

Related CVEs

CVE-2023-37948

Key Information

GHSA ID

GHSA-j54r-w587-95q7

Published

July 12, 2023 6:30 PM

Last Modified

July 12, 2023 10:31 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:oracle-cloud-infrastructure-compute

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 24, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.