Description
A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to.
Remediation
References
https://jenkins.io/security/advisory/2018-06-25/#SECURITY-941
Related Vulnerabilities
CVE-2012-2098 Vulnerability in maven package org.apache.commons:commons-compress
CVE-2018-12536 Vulnerability in maven package org.eclipse.jetty:jetty-util
CVE-2012-6662 Vulnerability in npm package jquery-ui
CVE-2023-28675 Vulnerability in maven package org.jenkinsci.plugins:octoperf
CVE-2022-34195 Vulnerability in maven package org.jenkins-ci.plugins:repository-connector