CVE Catalog

CVE-2023-37948

LowCVSS 3.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.42%

34th percentile — higher than 34% of all known CVEs

Summary

Jenkins Oracle Cloud Infrastructure Compute Plugin version 1.0.16 and earlier does not validate SSH host keys when connecting to OCI clouds, enabling man-in-the-middle attacks.

Risk Assessment

The lack of SSH key validation poses a risk of data interception and unauthorized access to cloud resources, potentially leading to serious security breaches.

Recommendation

It is recommended to update the plugin to the latest version that includes fixes for SSH host key validation.

Original NVD description (English source)

Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS