CVE Catalog
CVE-2023-37948
LowCVSS 3.7Exploitation Probability (EPSS)
Low risk0.42%
34th percentile — higher than 34% of all known CVEs
Summary
Jenkins Oracle Cloud Infrastructure Compute Plugin version 1.0.16 and earlier does not validate SSH host keys when connecting to OCI clouds, enabling man-in-the-middle attacks.
Risk Assessment
The lack of SSH key validation poses a risk of data interception and unauthorized access to cloud resources, potentially leading to serious security breaches.
Recommendation
It is recommended to update the plugin to the latest version that includes fixes for SSH host key validation.
Original NVD description (English source)
Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks.

