{"id":"CVE-2022-36881","details":"Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.","aliases":["GHSA-cm7j-p8hc-97vj"],"modified":"2026-05-18T23:26:47.867224Z","published":"2022-07-27T15:15:08.770Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2022/07/27/1"},{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1468"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/git-client-plugin","events":[{"introduced":"0"},{"last_affected":"c36a4657d06c5c98723a0d0da2da45694b610b5f"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"3.11.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:jenkins:git_client:*:*:*:*:*:jenkins:*:*"}}],"versions":["git-client-3.11.0","git-client-3.10.1","git-client-3.10.0","git-client-3.9.0","git-client-3.8.0","git-client-3.7.2","git-client-3.7.1","git-client-3.7.0","git-client-3.6.0","git-client-3.5.1","git-client-3.5.0","git-client-3.4.2","git-client-3.4.1","git-client-3.4.0","git-client-3.3.2","git-client-3.3.1","git-client-3.3.0","git-client-3.2.1","git-client-3.2.0","git-client-3.1.1","git-client-3.1.0","git-client-3.1.0-beta","git-client-3.0.0","git-client-3.0.0-beta12","git-client-3.0.0-beta11","git-client-3.0.0-beta10","git-client-3.0.0-beta9","git-client-3.0.0-beta8","git-client-3.0.0-beta7","git-client-3.0.0-rc","git-client-3.0.0-beta5","git-client-3.0.0-beta4","git-client-3.0.0-beta3","git-client-3.0.0-beta2","git-client-3.0.0-beta1","git-client-2.7.1","git-client-2.7.0","git-client-2.6.0","git-client-2.5.0","git-client-2.4.6","git-client-2.4.5","git-client-2.4.4","git-client-2.4.3","git-client-2.4.2","git-client-2.4.1","git-client-2.4.0","git-client-2.3.0","git-client-2.2.1","git-client-2.2.0","git-client-2.1.0","git-client-1.21.0","git-client-1.20.2","git-client-1.20.1","git-client-1.20.0","git-client-1.19.7","git-client-1.19.6","git-client-1.19.5","git-client-1.19.4","git-client-1.19.3","git-client-1.19.2","git-client-1.19.1","git-client-1.19.0","git-client-1.18.0","git-client-1.16.1","git-client-1.17.0","git-client-1.16.0","git-client-1.15.0","git-client-1.14.1","git-client-1.14.0","git-client-1.13.0","git-client-1.12.0","git-client-1.11.1","git-client-1.11.0","git-client-1.10.2","git-client-1.10.1","git-client-1.10.0","git-client-1.9.2","git-client-1.9.1","git-client-1.9.0","git-client-1.8.1","git-client-1.8.0","git-client-1.7.0","git-client-1.6.6","git-client-1.6.5","git-client-1.6.4","git-client-1.6.3","git-client-1.6.2","git-client-1.6.1","git-client-1.6.0","git-client-1.5.1","git-client-1.5.0","git-client-1.4.4","git-client-1.4.3","git-client-1.4.2","git-client-1.4.1","git-client-1.4.0","git-client-1.3.0","git-client-1.2.0","git-client-1.1.2","git-client-1.1.1","git-client-1.1","git-client-1.0.6","git-client-1.0.4","git-client-1.0.5","git-client-1.0.2","git-client-1.0.1","git-client-1.0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-36881.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}