CVE-2018-1000149 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2018-1000149

CWE

https://cwe.mitre.org/data/definitions/.html

A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java, AnsiblePlaybookStep.java that disables host key verification by default.

Affected Software

Name	Vendor	Start Version	End Version
Ansible	Jenkins	*	0.8 (including)

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY-630
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-630