Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks. https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1468
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.10 Via RHSA-2022:7865 https://access.redhat.com/errata/RHSA-2022:7865
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-36881
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.8 Via RHSA-2023:0017 https://access.redhat.com/errata/RHSA-2023:0017