Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-JAVA-FREDFJENKINSPLUGINS-559578
- published 10 Mar 2020
- disclosed 9 Mar 2020
- credit Raihaan Shouhell, Autodesk, Inc
How to fix?
fr.edf.jenkins.plugins:mac to version 1.2.0 or higher.
fr.edf.jenkins.plugins:mac is a Jenkins plugin to build yours IOS apps, this plugin create MacOs agents for yours builds.
Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). It does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.