CVE-2022-36881

Summary

Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Git client Pluginunspecified <= 3.11.0affected
Jenkins projectJenkins Git client Plugin3.10.0.1unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References