CVE-2023-37948: Input Validation
First published: Wed Jul 12 2023(Updated: )
Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not perform SSH host key validation when connecting to OCI clouds. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to OCI clouds. Oracle Cloud Infrastructure Compute Plugin 1.0.17 provides strategies for performing host key validation for administrators to select the one that meets their security needs.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Cloud Infrastructure Compute | <1.0.17 | |
| maven/org.jenkins-ci.plugins:oracle-cloud-infrastructure-compute | <1.0.17 | 1.0.17 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-api
- collector/nvd-latest
- collector/nvd-index
- collector/nvd-cve
- collector/github-advisory-latest
- alias/GHSA-j54r-w587-95q7
- alias/CVE-2023-37948
- collector/github-advisory
- agent/references
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- vendor/jenkins
- canonical/jenkins cloud infrastructure compute
- package-manager/maven