Ecosystem	Package	Version

Vulnerabilities

CVE-2023-37948

CVE-2023-37948

Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks.

Published Feb 3, 2026

https://github.com/advisories/GHSA-j54r-w587-95q7

CVSS ScoreLow

3.7

Ecosystem	Package	Version


maven	org.jenkins-ci.plugins/oracle-cloud-infrastructure-compute	1.0.15
maven	org.jenkins-ci.plugins/oracle-cloud-infrastructure-compute	1.0.0
maven	org.jenkins-ci.plugins/oracle-cloud-infrastructure-compute	1.0.10
maven	org.jenkins-ci.plugins/oracle-cloud-infrastructure-compute	1.0.11
maven	org.jenkins-ci.plugins/oracle-cloud-infrastructure-compute	1.0.12
maven	org.jenkins-ci.plugins/oracle-cloud-infrastructure-compute	1.0.13
maven	org.jenkins-ci.plugins/oracle-cloud-infrastructure-compute	1.0.14
maven	org.jenkins-ci.plugins/oracle-cloud-infrastructure-compute	1.0.16
maven	org.jenkins-ci.plugins/oracle-cloud-infrastructure-compute	1.0.1
maven	org.jenkins-ci.plugins/oracle-cloud-infrastructure-compute	1.0.2
maven	org.jenkins-ci.plugins/oracle-cloud-infrastructure-compute	1.0.3
maven	org.jenkins-ci.plugins/oracle-cloud-infrastructure-compute	1.0.4
maven	org.jenkins-ci.plugins/oracle-cloud-infrastructure-compute	1.0.5
maven	org.jenkins-ci.plugins/oracle-cloud-infrastructure-compute	1.0.6
maven	org.jenkins-ci.plugins/oracle-cloud-infrastructure-compute	1.0.7
maven	org.jenkins-ci.plugins/oracle-cloud-infrastructure-compute	1.0.8
maven	org.jenkins-ci.plugins/oracle-cloud-infrastructure-compute	1.0.9

CVE-2023-37948 | Components Impacted | Sonatype Guide | Sonatype Guide