A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java
, AnsibleAdHocCommandBuilder.java
, AnsibleAdHocCommandInvocationTest.java
, AnsibleContext.java
, AnsibleJobDslExtension.java
, AnsiblePlaybookBuilder.java
, AnsiblePlaybookStep.java
that disables host key verification by default. Ansible Plugin 1.0 now enables host key verification by default, adding options allowing users to opt out.
もっと詳しく