CVE-2020-2185
Summary
Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks.
- HIGH
- NETWORK
- LOW
- UNCHANGED
- NONE
- NONE
- LOW
- LOW
References
Advisory Timeline
- Published
Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks.