CVE-2023-37948: Improper Input Validation

July 12, 2023 (updated July 21, 2023)

Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks.

References

www.openwall.com/lists/oss-security/2023/07/12/2
github.com/advisories/GHSA-j54r-w587-95q7
nvd.nist.gov/vuln/detail/CVE-2023-37948
www.jenkins.io/security/advisory/2023-07-12/

Code Behaviors & Features

Detect and mitigate CVE-2023-37948 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →